Hello, Just got a bunch of emails in my inbox this morning that had been sent from a contact form on one of my web sites. They all contained content a bit like this:
deeper xxContent-Type: multipart/alternative; boundary=e00c35d22e0dba33a15957f33286efe8 MIME-Version: 1.0 Subject: idee is that a bcc: [EMAIL PROTECTED] This is a multi-part message in MIME format. --e00c35d22e0dba33a15957f33286efe8 xxContent-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit v coorse, he thinks marredge is goin to change --e00c35d22e0dba33a15957f33286efe8-- ... It looks like someone's trying to test to see if the form is vulnerable to having headers injected into it. In fact, on one of the attempts, he did manage to override the subject of the email. Does anyone know if cfmail is vulnerable to this kind of thing? It looks like it might be. What's the best way of preventing it? Perhaps I'll have to start replacing out any instances of "Content-Type" in any email form fields :( Ian ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:232830 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
