TriNetre - Archive for July 31, 2005

(no longer updated)

« July 30, 2005 | Main | August 02, 2005 »

July 31, 2005

Attempts to sneak spam

[Security] @ 10:47 AM

Someone is trying extra hard to sneak in some spam through my mail servers. I have a contact form that lets visitors send me comments and messages. The attempt tries to pass some cleverly crafted message with new-line characters and carriage returns to add new email addresses to the "To" field of the email that the script then sends me.

Luckly for me the script I wrote assumes a messy world out there. It:

does not allow any of the values gathered from the form to be used in the mail header. All of that goes into the body. The To, From and Subject fields are hard coded into the script.
strips off all new like characters and carriage returns from all the fields that are passed from the form. Maybe the text might look a bit off when I get the email, no big deal.

This is an example of the message that was used to try and probe the script for weakness:

wboijmdlxw@srijith.net
Content-Type: multipart/mixed; boundary="===============1277748472=="
MIME-Version: 1.0
Subject: f9f5afa7
To: wboijmdlxw@srijith.net
bcc: bergkoch8@aol.com
From: wboijmdlxw@srijith.net

This is a multi-part message in MIME format.

--===============1277748472==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

jfb
--===============1277748472==--

bergkoch8@aol.com is the email address that wanted to be BCCed to confirm that the exploit work. Hey bergkoch8, move on.

Link | Comments (0) |