Is there any injection vulnerability in the body of an email?
Posted by Brett on Stack Overflow
Published on 2011-03-17T16:07:17Z
Hey guys... AFAIK there is only a vulnerability within the HEADERS of an email when using user data, correct?
I am using the below function to sanitize my data; however, I have some textarea fields on the page and hence these may contain line breaks, so I was wondering: if that user data is only going to be put in the body of the email, can it not bother with being sanitized - apart from stripping HTML of course?
Here is the function:
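    // Returns true if $str contains a raw LF, CR or tab, or a URL-encoded
    // LF (%0A), CR (%0D), backspace (%08) or tab (%09).
    function is_injected($str) {
        $injections = array('(\n+)',
                            '(\r+)',
                            '(\t+)',
                            '(%0A+)',
                            '(%0D+)',
                            '(%08+)',
                            '(%09+)'
        );
        // Combine the patterns into one case-insensitive alternation.
        $inject = join('|', $injections);
        $inject = "/$inject/i";
        if (preg_match($inject, $str)) {
            return true;
        } else {
            return false;
        }
    }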
As a side note, surprised there wasn't currently a tag for mail-injection / email-injection.
Thanks!
© Stack Overflow or respective owner
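
An added example (not part of the original post) of the distinction the question asks about: a CR or LF in a value placed in a header would begin a new header line, while line breaks in a plain-text body are ordinary content. The function names `has_header_break()` and `build_contact_mail()`, the field names and the sample values are assumptions made for illustration.

```php
<?php
// Added example; has_header_break() and build_contact_mail() are hypothetical names.

// True if a value destined for a header line contains a raw CR or LF.
function has_header_break(string $value): bool {
    return preg_match('/[\r\n]/', $value) === 1;
}

// Validates the header-bound fields strictly and prepares the body separately.
function build_contact_mail(string $email, string $subject, string $message): array {
    // Header-bound fields: reject any line break outright.
    foreach ([$email, $subject] as $field) {
        if (has_header_break($field)) {
            throw new InvalidArgumentException('Line break in header field');
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }

    // Body: keep the textarea's line breaks, strip HTML, and
    // normalise every line ending to CRLF.
    $body = strip_tags($message);
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $body);

    return [
        'subject' => $subject,
        'headers' => "Reply-To: $email",
        'body'    => $body,
    ];
}

// Constructed sample input: a multi-line message with some HTML in it.
$mail = build_contact_mail('alice@example.com', 'Hello', "Line <b>one</b>\nLine two");
var_dump($mail['body']);

// Constructed sample input: a subject carrying an embedded CRLF.
try {
    build_contact_mail('alice@example.com', "Hi\r\nX-Test: 1", 'text');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```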