
Thread: Is this an injection attack?

  1. #1
    Join Date
    Aug 2007
    Location
    Paris
    Beans
    5,538
    Distro
    Ubuntu 11.04 Natty Narwhal

    Is this an injection attack?

    This isn't an Ubuntu-specific question, but I'm hoping someone here might be able to help me out all the same.

    I have a public website, coded in PHP, that allows visitors to send email via a form. The code that sends the email is located in a file named 'send_mail.php' and looks like this:

    Code:
    <?php
    // Three fixed recipients, comma-separated with no trailing separator
    $to = 'recipient1@address.com, recipient2@address.com, recipient3@address.com';

    $subject = "Mail from website";
    // Form fields are taken straight from the POST body; nothing is validated yet
    $message = $_POST["message"];
    $sender_email = $_POST["sender_email"];
    $sender_name = $_POST["sender_name"];
    // The sender details only go into the body, not into any mail header
    $message = "You have received the following message from $sender_name, $sender_email, via the website: $message";
    mail($to, $subject, $message);
    $mail_success = "yes";

    // Re-render the contact form (which can show $mail_success)
    include "contact.php";
    ?>
    'contact.php' includes this HTML:
    Code:
      <p><strong>Use this form to send email:</strong></p>
      <form method="post" enctype="multipart/form-data" action="send_mail.php">
        <p><input class="side" type="text" value="your name" name="sender_name" /></p>
        <p><input class="side" type="text" value="your email" name="sender_email" /></p>
        <p><textarea class="side" name="message" cols="70" rows="10"></textarea></p>
        <p><input class="button" value="Send" type="submit" /></p>
        <p><input class="button" value="Reset" type="reset" /></p>
      </form>
    Recently, I've been getting a number of emails from the website that contain the following:
    Code:
    login solidarity%0A%0aadd $sender_email $sender_name%0A%0aend
    and nothing else. I'm a bit puzzled about why these are appearing. Over the last year, I've been receiving one or two a month and didn't think much of them, but in the last week I've been getting several a day. I'm worried that someone may be trying to do something nasty, like HTML injection. But I'm also not much of a programmer, so maybe this has a less sinister explanation that will be obvious to people with more programming experience. If anyone has any thoughts, I'd really appreciate them, and thanks in advance for engaging in a non-Ubuntu topic.

  2. #2
    Join Date
    Mar 2005
    Beans
    947
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Is this an injection attack?

    Dunno, but it kinda looks more like a broken spambot. Whether that's "less sinister", I'll leave up to you.

  3. #3
    NoaHall
    Join Date
    Mar 2009
    Beans
    1,562
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Is this an injection attack?

    I'd add a validation system to make sure none of the fields are blank, and that the email address is in the right format.

  4. #4
    Join Date
    Aug 2007
    Location
    Paris
    Beans
    5,538
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Is this an injection attack?

    Thanks for the helpful suggestions. A broken spambot makes a lot of sense. I'll see if adding a simple captcha test solves the problem. I'll also add code to validate email addresses and check for blank fields; I'm sure that won't hurt.
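The validation NoaHall suggests in #3 and the poster plans in #4, written out as an added example of a hardened send_mail.php (this is not the poster's code). It assumes the same form field names and placeholder values as the posted contact.php, uses placeholder recipient addresses, and assumes contact.php can display an `$mail_errors` array.

```php
<?php
// Added example, not the original poster's code. Recipients are placeholders.

// Reject CR/LF in short fields. They are only placed in the body here, but if a
// value is ever passed as an additional header (e.g. Reply-To), a sender-supplied
// line break is exactly what lets it smuggle extra headers into the message.
function has_newline(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns a list of error strings; an empty list means the submission is acceptable.
function validate_contact_form(array $post): array
{
    $errors = [];
    foreach (['sender_name', 'sender_email', 'message'] as $field) {
        if (trim($post[$field] ?? '') === '') {
            $errors[] = "$field is blank";
        }
    }
    // The form ships "your name" / "your email" as default values; an untouched
    // form (typical of a bot that never edits the fields) is treated as blank.
    if (trim($post['sender_name'] ?? '') === 'your name') {
        $errors[] = 'sender_name was left at its default value';
    }
    $email = trim($post['sender_email'] ?? '');
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'sender_email is not a valid address';
    }
    foreach (['sender_name', 'sender_email'] as $field) {
        if (has_newline($post[$field] ?? '')) {
            $errors[] = "$field contains a line break";
        }
    }
    return $errors;
}

$mail_errors = validate_contact_form($_POST);
if ($mail_errors !== []) {
    $mail_success = 'no';      // contact.php is assumed to show $mail_errors
    include 'contact.php';
    exit;
}

$to = 'recipient1@address.com, recipient2@address.com, recipient3@address.com';
$subject = 'Mail from website';
$sender_name = trim($_POST['sender_name']);
$sender_email = trim($_POST['sender_email']);
$body = "You have received the following message from $sender_name, "
      . "$sender_email, via the website:\n\n" . $_POST['message'];
mail($to, $subject, $body);
$mail_success = 'yes';
include 'contact.php';
```

A submission like the one in #1, where the name and address fields still hold their defaults, is rejected before mail() is ever called; the spam text itself never needs to be pattern-matched.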
