From: legit-user@example.com\r\nReply-To: phisher@evil.com\r\n
$to = "admin@site.com"; $subject = $_POST['subject']; // Vulnerable point $message = $_POST['message']; $headers = "From: " . $_POST['email']; // Vulnerable point mail($to, $subject, $message, $headers); Use code with caution. 3. The Execution php email form validation - v3.1 exploit
Irony alert! PHP fixes security flaw in input validation code From: legit-user@example
?>
file_put_contents("logs/error_" . $_POST['email'] . ".log", $error); $subject = $_POST['subject']
From: legit-user@example.com\r\nReply-To: phisher@evil.com\r\n
$to = "admin@site.com"; $subject = $_POST['subject']; // Vulnerable point $message = $_POST['message']; $headers = "From: " . $_POST['email']; // Vulnerable point mail($to, $subject, $message, $headers); Use code with caution. 3. The Execution
Irony alert! PHP fixes security flaw in input validation code
?>
file_put_contents("logs/error_" . $_POST['email'] . ".log", $error);