Before learning how e-mail injection works, we must take a look at how the PHP mail() function works. Here is the basic syntax of this function:
<?php mail($recipient,$subject,$message,$headers); ?>
Using the example above, the following output would be produced:
To: $recipient
Subject: $subject
$headers
$message
Knowing this, we can see that a malicious user might want to add extra fields to the header, such as "cc" and "bcc", or even another "to". So if a spammer finds any way to inject text into your headers, he can easily use your form to send spam.
To see how, assume that the following is entered in the "to" field of your form:
you@place.www%0Acc:any1@site.xxx%0Abcc:some1@host.yyy,person@blah.zzz%0Ato:guy@server.jjj
Once each %0A (the URL-encoded line feed) is decoded into a real newline, the e-mail header data would actually be:
To: you@place.www
cc: any1@site.xxx
bcc: some1@host.yyy,person@blah.zzz
to: guy@server.jjj
In this scenario, the spammer has successfully sent the message to four people of his choosing.
Not only can these fields be manipulated, but also the subject, the message and anything else the malicious user wants. Thus the spammer could send any message, with any subject, to anybody. To top it off, if the spammer manipulates the "Content-type" MIME header he can even split the message into parts, so that only what he really wants is delivered to the victims.
Seems like big trouble? Well, it really is if you don't know how to protect yourself.
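As an added illustration (this is not code from the original page), here is one way to keep header-bound form fields from reaching mail() with embedded line breaks. The function names, the form field names and the sample values are assumptions; the injected string is the one from the example above, as PHP sees it after decoding the form data.

```php
<?php
// Added example, not from the original article. Function names, form field
// names and sample values are assumptions made for this illustration.

/** True if the value contains a CR, LF or NUL: anything that could end the
 *  current header line and start another one ("cc:", "bcc:", "to:", ...). */
function contains_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** Returns exactly one validated address, or null. FILTER_VALIDATE_EMAIL
 *  refuses whitespace and control characters, so an address followed by a
 *  newline and extra header lines never gets through. */
function safe_recipient(string $raw): ?string
{
    $value = trim($raw);
    if ($value === '' || contains_header_break($value)) {
        return null;
    }
    return filter_var($value, FILTER_VALIDATE_EMAIL) === false ? null : $value;
}

/** Returns a value that may sit on a single header line (Subject, a name),
 *  or null if it contains a line break or is unreasonably long. */
function safe_header_text(string $raw, int $max = 200): ?string
{
    $value = trim($raw);
    if (contains_header_break($value) || strlen($value) > $max) {
        return null;
    }
    return $value;
}

/**
 * Builds the four mail() arguments from form input. The recipient comes from
 * configuration, never from the form, so a "to" field cannot add addresses.
 * The Content-Type header is fixed by the script, so the visitor cannot turn
 * the mail into a multipart message. The body may contain newlines because
 * it is not a header. Returns null when any header-bound field is rejected.
 */
function build_contact_mail(array $form, string $siteOwner): ?array
{
    $to      = safe_recipient($siteOwner);
    $replyTo = safe_recipient($form['email'] ?? '');
    $subject = safe_header_text($form['subject'] ?? '');
    if ($to === null || $replyTo === null || $subject === null) {
        return null;
    }
    $headers = "Reply-To: " . $replyTo . "\r\n"
             . "Content-Type: text/plain; charset=UTF-8";
    $message = (string) ($form['message'] ?? '');
    return [$to, $subject, $message, $headers];
}

// --- Demonstration with constructed input. By the time a script runs, PHP
// has already URL-decoded $_POST, so the %0A sequences from the article
// arrive as real newline characters. ---
$injected = "you@place.www\ncc:any1@site.xxx\nbcc:some1@host.yyy,person@blah.zzz\nto:guy@server.jjj";
$clean    = "visitor@example.com";

foreach ([$injected, $clean] as $candidate) {
    $result = safe_recipient($candidate);
    echo ($result === null ? "REJECTED: " : "accepted: ")
       . str_replace("\n", '\n', $candidate) . "\n";
}

$args = build_contact_mail(
    ['email' => $clean, 'subject' => 'Hello', 'message' => "Line 1\nLine 2"],
    'you@example.com'   // hypothetical configured owner address
);
if ($args !== null) {
    // mail(...$args);  would be the real call; echo the envelope instead
    echo "Would send to {$args[0]} with subject '{$args[1]}'\n";
}
```

The check looks for the decoded control characters rather than the literal text "%0A", because the form data is decoded before the script sees it. The two decisions that matter most are never taking the recipient from the form at all and never letting any single-line header value contain a CR or LF; once those hold, the extra "cc", "bcc" and "to" lines from the example above have nowhere to go.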
Click here to learn some ways to secure your scripts.