BugTraq
Re: (PHP) mb_send_mail security bypass Mar 01 2006 03:14PM
Yasuo Ohgaki (yohgaki ohgaki net)
You should check mail() also...

mail() has exactly the same issue, since both mail() and mb_send_mail() apply
php_escape_shell_cmd() to the 5th parameter.

Since the PoC is feeding usual options to the sendmail command, php_escape_shell_cmd()
is useless for this kind of code.

Solution:
DO NOT TRUST safe...
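
The point made in the message above, as an added example that is not part of the original post: escapeshellcmd(), the userland function backed by php_escape_shell_cmd(), returns a string of ordinary options unchanged, so the 5th argument should be built from validated data rather than passed through. The helper name build_mail_params() and both sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the original post or from PHP itself.
// build_mail_params() is a hypothetical helper; the inputs are constructed.

/**
 * Build the 5th argument for mail()/mb_send_mail() from an envelope sender.
 * Returns "-f<address>" or null when the address is not acceptable.
 */
function build_mail_params(string $envelopeSender): ?string
{
    // Reject anything that is not a syntactically valid address.
    if (filter_var($envelopeSender, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Conservative allowlist on top of that: no whitespace, no quoting,
    // and the local part must start with an alphanumeric character so the
    // value can never be read as a separate option.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._+-]*@[A-Za-z0-9.-]+\z/', $envelopeSender)) {
        return null;
    }
    // Attach the address directly to -f so it stays a single argument.
    return '-f' . $envelopeSender;
}

// Constructed input: one ordinary option followed by a second, unexpected one.
$untrusted = '-f bounce@example.com --constructed-extra-option=value';

// escapeshellcmd() only backslash-escapes shell metacharacters. This string
// contains none, so the escaped form is identical to the input and every
// option in it would still reach the sendmail command line.
$escaped = escapeshellcmd($untrusted);
printf("escapeshellcmd changed the input: %s\n", $escaped === $untrusted ? 'no' : 'yes');

// The allowlist accepts a plain address and rejects the multi-option string.
foreach (['bounce@example.com', $untrusted] as $candidate) {
    $params = build_mail_params($candidate);
    printf("%-55s => %s\n", $candidate, $params ?? 'rejected');
}
```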

Copyright 2010, SecurityFocus