On 10/23/2013 06:18 PM, Ronald F. Guilmette wrote:

> ...
> print SM <<EOF;
> To: "Tristatelogic.Com Administrator" <admin\@tristatelogic.com>
> From: "$sender_name" <$sender_addr>
> Subject: Your message to Tristatelogic.Com
> X-Server-Protocol: $server_protocol
> X-Http-User-Agent: $http_user_agent
> X-Http-Referer: $http_referer
> X-Remote-Addr: $remote_addr
> X-Remote-Host: $remote_host
> 
> $message
> 
> EOF
> ...


It isn't a here doc problem. They are just alternate ways of making strings, and there is nothing special about them. Also, they don't need to use EOF for the token.


> The puzzle is that I have received (in my admin inbox) two messages that
> were clearly generated through and via the script that contains the above
> code, *however* these two e-mail messages in particular, for some reason
> *do* include the:
> 
>     To: "Tristatelogic.Com Administrator" <admin\@tristatelogic.com>
> 
> header, and each one also includes a From: header, but then after that,
> all the other headers that I had assumed would *always* be part of such
> messages are not there... and it is quite apparent, because of the context,
> that this must be because of the fact that the attacker who was looking for
> exploits in my web site contact form kept on trying to put various quirky
> and weird strings into the sender address data field in/on the form.

So your email didn't get anything beyond the From: line? That is the big clue. Email servers read headers until the first blank line. I bet the From field was filled with a string that had a newline in it (somehow). There may be another cause, but it can't be a here doc, as the data has no access to your code. Something in the data caused the rest of the headers not to be processed by the mailer.





> P.S.  Don't bother trying to reproduce the exploit by putting weird stuff
> into the contact form on my web site.  I have revamped the contact form
> handler script and have removed the "here" document it formerly contained
> entirely.

It isn't the here doc but the data. It can't be the here doc. If you changed it to another string style, the same exploit is there.

uri

--
Uri Guttman - The Perl Hunter
The Best Perl Jobs, The Best Perl Hackers
http://PerlHunter.com
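The mechanism Uri describes, as an added example that is not part of the thread and not Ronald's script: the same interpolating here doc is built into a string instead of being printed to a sendmail pipe, reduced to four of the original headers (an assumption, to keep it short), then fed to a small model of what a mailer does (headers run until the first blank line, the rest is body). The attacker address `$evil_addr`, the IP addresses and the helper names `build_message`, `mailer_view`, `header_value` and `build_message_safe` are all constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Same interpolating here doc as the contact-form script, cut down to four
# headers (assumption) and returned as a string instead of printed to SM.
sub build_message {
    my ($sender_name, $sender_addr, $remote_addr, $message) = @_;
    return <<EOF;
To: "Tristatelogic.Com Administrator" <admin\@tristatelogic.com>
From: "$sender_name" <$sender_addr>
Subject: Your message to Tristatelogic.Com
X-Remote-Addr: $remote_addr

$message

EOF
}

# Model of the mailer: everything up to the first blank line is the header
# block, everything after it is the body. Returns the header names it saw.
sub mailer_view {
    my ($msg) = @_;
    my ($head, $body) = split /\n\n/, $msg, 2;
    my @names = map { /^([\w-]+):/ ? $1 : () } split /\n/, $head;
    return (\@names, $body);
}

# The fix is in the data, not the string style: refuse a CR or LF in
# anything that is going to be interpolated into a header line.
sub header_value {
    my ($value) = @_;
    die "CR or LF in header value\n" if $value =~ /[\r\n]/;
    return $value;
}

sub build_message_safe {
    my ($sender_name, $sender_addr, $remote_addr, $message) = @_;
    return build_message(
        (map { header_value($_) } $sender_name, $sender_addr, $remote_addr),
        $message,
    );
}

# Constructed attacker input for the sender address field: a newline and a
# blank line close the header block right after the From: line.
my $evil_addr = "evil\@example.com>\n\nnothing after this is a header";

my ($names, $body) = mailer_view(
    build_message("Attacker", $evil_addr, "198.51.100.7", "hello"));
print "Headers the mailer sees: @$names\n";
print "First line of the body:  ", (split /\n/, $body)[0], "\n";

# The same input through the checked builder is rejected ...
eval { build_message_safe("Attacker", $evil_addr, "198.51.100.7", "hello") };
print "Rejected: $@" if $@;

# ... while an ordinary address still yields all four headers.
($names) = mailer_view(
    build_message_safe("Alice", "alice\@example.com", "198.51.100.7", "hello"));
print "Headers the mailer sees: @$names\n";
```

Run with `perl` and the first message shows only To and From as headers, which is exactly the truncated result Ronald saw; Subject and X-Remote-Addr have become body text. Anything the attacker puts between the first newline and the blank line is parsed as further header lines, so rejecting CR and LF (rather than switching from a here doc to `.` concatenation or `sprintf`) is the change that actually closes the hole.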

--
To unsubscribe, e-mail: beginners-unsubscr...@perl.org
For additional commands, e-mail: beginners-h...@perl.org
http://learn.perl.org/