PHP Mail Function ASCII Control Character Header Spoofing Vulnerability

info
discussion
exploit
solution
references

PHP Mail Function ASCII Control Character Header Spoofing Vulnerability

PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain.

The PHP mail function does not properly sanitize user input. Because of this, a user may pass ASCII control characters to the mail() function that could alter the headers of email. This could result in spoofed mail headers.