Edit report at http://bugs.php.net/bug.php?id=51705&edit=1
ID: 51705 Comment by: anon at anon dot com Reported by: fireburn17 at gmail dot com Summary: Insecure function without any kind of authentication Status: Bogus Type: Bug Package: Mail related Operating System: ANY PHP Version: 5.3.2 New Comment: Congratulations, you discovered how email works. It's not a bug. (You can do exactly the same thing with phone numbers and SMS messages using the right services.) Previous Comments: ------------------------------------------------------------------------ [2010-04-30 16:18:18] paj...@php.net Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Due to the volume of reports we can not explain in detail here why your report is not a bug. The support channels will be able to provide an explanation for you. Thank you for your interest in PHP. ------------------------------------------------------------------------ [2010-04-30 15:42:30] fireburn17 at gmail dot com Description: ------------ <?php $to = 'nob...@example.com'; $subject = 'the subject'; $message = 'hello'; $headers = 'From: someonee...@example.com' . "\r\n" . 'Reply-To: webmas...@example.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers); ?> One can mail anyone using someone else's email address without authentication. No password is required. $to = 'anyb...@example.com' 'From: someonee...@example.com' "SERIOUS SECURITY ISSUE" Bug detected By: DEVESH GOYAL Expected result: ---------------- Must ask for password for the email address which is used in 'From: someonee...@example.com' "SERIOUS SECURITY ISSUE" Bug detected By: DEVESH GOYAL ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=51705&edit=1
