It is not vulnerable - except that you will get these annoying probes from time to time :)
I have a blog on this topic with lots of additional insight in the comments at the bottom.
http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=email%20injection

This follow-up references a function for handling the injections.
http://mkruger.cfwebtools.com/index.cfm/2006/2/5/email.injection.function

-Mark

-----Original Message-----
From: Ian Buzer [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 19, 2006 2:18 AM
To: CF-Talk
Subject: cfmail - is it vulnerable?

Hello,

Just got a bunch of emails in my inbox this morning that had been sent from a contact form on one of my web sites. They all contained content a bit like this:

deeper
xxContent-Type: multipart/alternative; boundary=e00c35d22e0dba33a15957f33286efe8
MIME-Version: 1.0
Subject: idee is that a
bcc: [EMAIL PROTECTED]

This is a multi-part message in MIME format.

--e00c35d22e0dba33a15957f33286efe8
xxContent-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

v coorse, he thinks marredge is goin to change

--e00c35d22e0dba33a15957f33286efe8--

....

It looks like someone's trying to test to see if the form is vulnerable to having headers injected into it. In fact, on one of the attempts, he did manage to override the subject of the email.

Does anyone know if cfmail is vulnerable to this kind of thing? It looks like it might be. What's the best way of preventing it? Perhaps I'll have to start replacing out any instances of "Content-Type" in any email form fields :(

Ian

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:232858
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
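An added example, not Mark's function and not code from the thread: a Python validator for the kind of contact form Ian describes, which rejects single-header fields that carry a line break and flags a body whose lines start a mail header or MIME boundary, so probes like the quoted one can be dropped and logged rather than relayed. The field names (name, email, subject, message) and the example.com addresses are assumptions; the sample input is constructed to mirror the quoted probe.

```python
import re

# Header names that appeared in the quoted probe (Content-Type, MIME-Version,
# Subject, bcc:) plus the other address headers an injected block would target.
INJECTED_HEADER = re.compile(
    r"^\s*(?:content-type|mime-version|content-transfer-encoding|"
    r"subject|to|cc|bcc|from|reply-to)\s*:",
    re.IGNORECASE | re.MULTILINE,
)
# A MIME part separator such as "--e00c35d22e0dba33a15957f33286efe8".
MIME_BOUNDARY = re.compile(r"^--[0-9a-f]{16,}", re.IGNORECASE | re.MULTILINE)


def check_single_line_field(value):
    """A field that becomes one header (From, Reply-To, Subject) must not contain CR or LF;
    a line break is the only way to terminate that header and start another one."""
    return "\r" not in value and "\n" not in value


def check_body_field(value):
    """The body may span lines, but a line that opens a header or a MIME boundary
    is the signature of an injection probe and is worth rejecting and logging."""
    return not (INJECTED_HEADER.search(value) or MIME_BOUNDARY.search(value))


def validate_contact_form(form):
    """Return the names of fields that look like header injection (empty list when clean).
    `form` is a dict with keys name, email, subject, message (assumed field names)."""
    suspicious = []
    for field in ("name", "email", "subject"):
        if not check_single_line_field(form.get(field, "")):
            suspicious.append(field)
    if not check_body_field(form.get("message", "")):
        suspicious.append("message")
    return suspicious


# Constructed sample modelled on the probe quoted in the thread (addresses are placeholders).
PROBE = {
    "name": "deeper",
    "email": "sender@example.com",
    "subject": "idee is that a\nbcc: someone@example.com",
    "message": "Content-Type: multipart/alternative; boundary=e00c35d22e0dba33a15957f33286efe8\n"
               "MIME-Version: 1.0\n\n--e00c35d22e0dba33a15957f33286efe8\n",
}
CLEAN = {"name": "Ian", "email": "ian@example.com", "subject": "Question about your site",
         "message": "Hello,\n\nIs the contact form working?\n-- Ian"}

if __name__ == "__main__":
    print(validate_contact_form(PROBE))   # ['subject', 'message']
    print(validate_contact_form(CLEAN))   # []
```

Stripping CR/LF from the single-line fields before passing them to the mail tag is the actual fix; the check above is what lets you refuse and record the probe instead of silently sanitising it.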

