There is a weakness in the PHP e-mail script in the previous chapter.
PHP E-mail Injections
First, look at the PHP code from the previous chapter:
<html> <body> <?php if (isset(
The problem with the code above is that unauthorized users can insert data into the mail headers via the input form.
What happens if the user adds the following text to the email input field in the form?
The mail() function puts the text above into the mail headers as usual, and now the header has an extra Cc:, Bcc:, and To: field. When the user clicks the submit button, the e-mail will be sent to all of the addresses above!
PHP Stopping E-mail Injections
The best way to stop e-mail injections is to validate the input.
The code below is the same as in the previous chapter, but now we have added an input validator that checks the email field in the form:
<html>
<body>
<?php
function spamcheck($field)
  {
  // preg_match() with the /i flag performs a case-insensitive regular
  // expression match (eregi() was removed in PHP 7)
  if (preg_match("/to:/i", $field) || preg_match("/cc:/i", $field))
    {
    return TRUE;
    }
  else
    {
    return FALSE;
    }
  }
//if "email" is filled out, send email
if (isset(
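An added example (not code from the original tutorial) that runs the tutorial's to:/cc: substring check next to a stricter validator over constructed inputs. The names `spamcheck_denylist`, `is_safe_email` and `build_from_header` and all addresses are hypothetical, chosen for this illustration; the stricter check goes one step beyond the page's validator by rejecting line breaks outright, since a new header can only start on a new line.

```php
<?php
// Added example, not part of the original tutorial.
// All addresses and inputs below are constructed sample values.

// The tutorial's approach: flag the field if it names a To: or Cc: header.
// "cc:" also matches "Bcc:", but any other header name is not flagged.
function spamcheck_denylist(string $field): bool
{
    return preg_match('/to:/i', $field) === 1
        || preg_match('/cc:/i', $field) === 1;
}

// Stricter check (an assumption of this example): accept the field only if
// it is one syntactically valid address and contains no line break.
function is_safe_email(string $field): bool
{
    // Reject CR/LF both raw and percent-encoded, in case the value is
    // URL-decoded again somewhere between the form and mail().
    if (preg_match('/[\r\n]|%0[ad]/i', $field) === 1) {
        return false;
    }
    return filter_var($field, FILTER_VALIDATE_EMAIL) !== false;
}

// Build the From: header only from a value that passed validation.
// Returns null when the value must not be placed in a header.
function build_from_header(string $field): ?string
{
    return is_safe_email($field) ? "From: $field" : null;
}

// Constructed inputs for the "email" form field.
$samples = [
    'plain address'             => 'someone@example.com',
    'line break + Cc header'    => "someone@example.com\r\nCc: person2@example.com",
    'line break + other header' => "someone@example.com\r\nX-Example: 1",
    'encoded line break'        => 'someone@example.com%0AX-Example: 1',
    'not an address'            => 'not-an-address',
];

foreach ($samples as $label => $value) {
    printf(
        "%-26s denylist flags: %-3s  strict accepts: %-3s  header: %s\n",
        $label,
        spamcheck_denylist($value) ? 'yes' : 'no',
        is_safe_email($value) ? 'yes' : 'no',
        build_from_header($value) ?? '(rejected)'
    );
}
```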