> Perhaps I'll have to start replacing out any instances of "Content-Type"
> in any email form fields :(
That's what I ended up having to do. I got about 20 or so emails that had
gotten through like that and analyzed them for common themes. I found
several that could be bad and checked for them. Here's some code if you're
interested:
<!--- list of no-no terms --->
<cfset VARIABLES.valid = 1>
<cfset VARIABLES.badterms = "MIME-Version,Content-Type,bcc:,Content-Transfer-Encoding,text/plain">
<!--- loop over form fields and see if there's any crap in them --->
<cfloop index="field" list="#FORM.fieldnames#">
    <!--- loop over bad terms on this form field --->
    <cfloop index="term" list="#VARIABLES.badterms#">
        <!--- if there's crap in the form field then flag the submission and break out --->
        <cfif FindNoCase(term, FORM[field])>
            <cfset VARIABLES.valid = 0>
            <cfbreak>
        </cfif>
    </cfloop>
    <!--- once one field has been flagged there's no point checking the rest,
    so break out of the outer loop as well --->
    <cfif NOT VARIABLES.valid>
        <cfbreak>
    </cfif>
</cfloop>
<!----------------//------
andy matthews
web developer
ICGLink, Inc.
[EMAIL PROTECTED]
615.370.1530 x737
--------------//--------->
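The same blocklist check, written as an added Python example (not code from the post or from ColdFusion), plus the check a practitioner would want alongside it: a value that ends up in a mail header must not contain a carriage return or line feed at all, because that is what lets a submitted value start a new header line. Field names, the sample submissions and the header-field list are constructed for the example.

```python
import re

# Blocked terms, mirroring the "no-no terms" list in the post.
BAD_TERMS = ["MIME-Version", "Content-Type", "bcc:", "Content-Transfer-Encoding", "text/plain"]

# Form fields assumed (for this example) to be copied into mail headers such as From/Subject.
HEADER_FIELDS = ("name", "email", "subject")

_LINE_BREAK = re.compile(r"[\r\n]")


def find_bad_term(value: str):
    """Case-insensitive substring check, equivalent to the FindNoCase loop in the post.

    Returns the first blocked term found, or None."""
    lowered = value.lower()
    for term in BAD_TERMS:
        if term.lower() in lowered:
            return term
    return None


def validate_form(form: dict) -> dict:
    """Return {field: reason} for every field that fails; an empty dict means the form is clean.

    Body fields (e.g. "message") may legitimately contain line breaks, so the CR/LF rule
    is applied only to fields that are destined for a header."""
    problems = {}
    for field, value in form.items():
        term = find_bad_term(value)
        if term is not None:
            problems[field] = f"contains blocked term {term!r}"
        elif field in HEADER_FIELDS and _LINE_BREAK.search(value):
            problems[field] = "line break in a header field"
    return problems


# Constructed sample submissions (not real traffic).
SAMPLE_FORMS = {
    "clean": {"name": "Ann", "email": "ann@example.com",
              "subject": "Quote request", "message": "Hello,\nplease call me."},
    "blocked_term": {"name": "Ann", "email": "ann@example.com",
                     "subject": "Hi\r\nbcc: other@example.net", "message": "x"},
    # No blocked term at all, so the blocklist alone would let this one through.
    "line_break_only": {"name": "Ann", "email": "ann@example.com",
                        "subject": "Hi\r\nX-Mailer: custom", "message": "x"},
}

if __name__ == "__main__":
    for label, form in SAMPLE_FORMS.items():
        print(label, validate_form(form) or "valid")
```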
-----Original Message-----
From: Ian Buzer [mailto:[EMAIL PROTECTED]
Sent: Sunday, February 19, 2006 2:18 AM
To: CF-Talk
Subject: cfmail - is it vulnerable?
Hello,
Just got a bunch of emails in my inbox this morning that had been sent from
a contact form on one of my web sites.
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:232912
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4