> OK, so anybody got any "best practice" ideas to thwart this sort of thing
using CF?

Hi Les,

I've been seeing these on and off for a week or so. Apart from doing the
standard stuff such as setting the maxlength in the form fields and then
enforcing those lengths with a function call like so: Left(Trim(Form.Field),
x), where x is the maximum length of the field, I have also written a simple
function to loop through all the form fields, returning true if we get a
positive for whatever we're looking for...

<cfif FoundInForm("Content-Type:,MIME-Version:,Subject:,CC:")>
        <!--- error handler --->
<cfelse>
        <!--- handle form submission --->
</cfif>

Where FoundInForm does the following....

<cfscript>

        // Returns true if any value in paramList (a comma-delimited list of
        // header tokens) appears, case-insensitively, in any submitted form field.
        function FoundInForm(paramList) {
                var i = 1;
                var j = 1;
                var result = false;
                for (i = 1; i LTE ListLen(paramList); i = i + 1) {
                        for (j = 1; j LTE ListLen(Form.FieldNames); j = j + 1) {
                                // evaluate() resolves the field by name from Form.FieldNames
                                if (FindNoCase(ListGetAt(paramList, i), evaluate("Form.#ListGetAt(Form.FieldNames, j)#")) IS True) {
                                        result = true;
                                        // break leaves the inner loop only; result stays true
                                        break;
                                }
                        }
                }
                return result;
        }

</cfscript>

Other things that we do include validating the e-mail address if supplied
using regular expressions and an MX lookup using our own CFX tag
CFX_ValidEmail. We also ensure that the domain name of the e-mail address is
not the same as the domain name of the site in question.

These techniques have *up to now* negated any erroneous form submissions on
our customers' sites that we have implemented them on. That isn't to say they
are 100% effective, but the addition of the code I have posted has eliminated
the possibility of exploitation using the current techniques that we're
seeing from the spammers.

Paul
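The three checks Paul describes (server-side length enforcement, a scan of every form field for mail-header tokens, and the rule that the sender's e-mail domain must not be the site's own) are shown below as an added example in Python; it is not code from the original post and not ColdFusion, since the aim is to show the detection logic on sample submissions. It goes one step beyond the post's token list by also rejecting any bare CR or LF in a field, because an injected header needs a line break to start a new line whatever its name is. The field names, length limits, site domain and the four submissions are constructed for the example.

```python
import re

# Header tokens the post checks for (Bcc: added), matched case-insensitively.
HEADER_TOKENS = ("Content-Type:", "MIME-Version:", "Subject:", "CC:", "BCC:")

# Any CR or LF in a single-line field is enough for a header to be injected,
# regardless of which header name follows it.
LINE_BREAK = re.compile(r"[\r\n]")

# Constructed per-field maximum lengths, the server-side twin of the form's maxlength.
MAX_LENGTHS = {"name": 50, "email": 100, "subject": 80, "message": 2000}

# Deliberately simple address syntax check (assumption: one address, no display name).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")


def truncate_fields(form, max_lengths):
    """Trim and cut each field to its limit, like Left(Trim(Form.Field), x) in the post."""
    cleaned = {}
    for name, value in form.items():
        limit = max_lengths.get(name)
        value = value.strip()
        cleaned[name] = value[:limit] if limit is not None else value
    return cleaned


def found_in_form(form, tokens=HEADER_TOKENS):
    """True if any field holds a header token or a bare line break."""
    lowered = tuple(t.lower() for t in tokens)
    for value in form.values():
        if LINE_BREAK.search(value):
            return True
        v = value.lower()
        if any(t in v for t in lowered):
            return True
    return False


def email_ok(address, site_domain):
    """Syntax check plus the post's rule: sender domain must differ from the site's."""
    if not EMAIL_RE.match(address):
        return False
    domain = address.rsplit("@", 1)[1].lower()
    return domain != site_domain.lower()


def validate_submission(form, site_domain, max_lengths=MAX_LENGTHS):
    """Run the checks in order and say which one, if any, rejected the submission."""
    form = truncate_fields(form, max_lengths)
    if found_in_form(form):
        return "rejected: header injection"
    if "email" in form and not email_ok(form["email"], site_domain):
        return "rejected: bad email"
    return "accepted"


# Constructed submissions: legitimate; header tokens in the body; a line break
# with a header name the token list does not know; sender using the site's domain.
LEGIT = {"name": "Alice", "email": "alice@example.org", "subject": "Hi",
         "message": "Hello there."}
TOKENS = {"name": "Bob", "email": "bob@example.org", "subject": "Hi",
          "message": "x\nContent-Type: text/html\nMIME-Version: 1.0\nCC: victim@example.net"}
NEWLINE_ONLY = {"name": "Carol", "email": "carol@example.org",
                "subject": "Hi\r\nX-Extra: 1", "message": "hi"}
OWN_DOMAIN = {"name": "Dave", "email": "dave@example.com", "subject": "Hi",
              "message": "hi"}

if __name__ == "__main__":
    for label, sub in (("legit", LEGIT), ("tokens", TOKENS),
                       ("newline", NEWLINE_ONLY), ("own-domain", OWN_DOMAIN)):
        print(f"{label}: {validate_submission(sub, 'example.com')}")
```

The `NEWLINE_ONLY` case is the one a token list alone misses: its header name is not in the list, but the CR/LF check still rejects it, which is why the line-break test runs before the token scan.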

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:217340
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4