PHP Mail Function ASCIIZ Message Truncation Weakness

Attackers can use a browser to exploit this issue.

The followin example PHP code demonstrates this issue:

<?php
mail("test@domain(dot)com", "Truncation Test", "You will see this message\0but not this");
?>


 

Privacy Statement
Copyright 2010, SecurityFocus