xisto Community
Albus Dumbledore

Bcc Exploit In My Programming?


Just a couple minutes ago I got an e-mail from a web developer in San Diego, and apparently he received a large amount of spam e-mail from my website's contact forum because spammers found something called a BCC Exploit in my programming and are using my script to re-direct mail messages through my server to people's e-mails. Now I have no idea what this means, but I suppose I need to stop it. How so? Can you suggest a more secure contact form script?


I went through and looked at it, and it looks way too confusing for me... Do you have a more noobish one? One that just acts as the script for sending it, and I can make my own form to use instead of having it in the file. If anyone else has any suggestions as to a new contact form I can use, please send it to me.


Someone is using JavaScript to access your mail form by injecting email addresses into the Bcc header of the mail() function. Test for the injection and void the action by using PHP to check for the header prior to sending the mail.

Here is a function to void the string if it contains the injection: http://www.larryullman.com/tag/reading/?6,28810

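A small send-only script of the kind asked for in this thread, applying the check described in the last reply before mail() is called. This is an added example, not code from the thread or from the linked page; the addresses, the form field names and the function names are assumptions.

```php
<?php
// Added example. Addresses, field names and function names are placeholders.

const CONTACT_TO = 'owner@example.com';   // fixed recipient, never taken from the form

// Returns the trimmed value, or null if it contains a line break.
// A CR or LF inside a header value is what lets a submission append
// its own header lines (such as "Bcc:") to the message.
function single_line(string $value): ?string
{
    if (preg_match('/[\r\n]/', $value)) {
        return null;
    }
    return trim($value);
}

// Builds the argument list for mail(), or returns null to reject the submission.
function build_contact_mail(array $post): ?array
{
    $name    = single_line($post['name'] ?? '');
    $email   = single_line($post['email'] ?? '');
    $subject = single_line($post['subject'] ?? '');
    $message = (string) ($post['message'] ?? '');

    if ($name === null || $email === null || $subject === null) {
        return null;                       // line break in a single-line field
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;                       // not one well-formed address
    }
    // The visitor's address goes in Reply-To only; From stays a fixed site address.
    $headers = "From: Contact form <noreply@example.com>\r\n"
             . "Reply-To: $email";
    $body = "Sender: $name <$email>\n\n" . $message;
    return [CONTACT_TO, 'Contact form: ' . $subject, $body, $headers];
}

// Constructed sample submissions: one normal, one with an injected header line.
$ok  = ['name' => 'Ann', 'email' => 'ann@example.org', 'subject' => 'Hi', 'message' => 'Hello'];
$bad = ['name' => 'x', 'email' => "a@example.org\r\nBcc: b@example.net",
        'subject' => 'Hi', 'message' => 'spam'];

var_dump(build_contact_mail($ok) !== null);   // accepted
var_dump(build_contact_mail($bad) === null);  // rejected

// In the form handler:
// $args = build_contact_mail($_POST);
// if ($args !== null) { mail(...$args); }
```

Your own HTML form only needs to post `name`, `email`, `subject` and `message` fields to the script that calls `build_contact_mail()`.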
