[nycphp-talk] worm/virus's hammering feedback scripts? POLISHED VERSION
Hans Zaunere
lists at zaunere.com
Mon Sep 12 23:08:08 EDT 2005
I'm preparing to make the posting, but want to double check something.
Please see below.
Michael Southwell scribbled on Monday, September 12, 2005 12:15 PM:
> I polished this up a bit.
>
> IMPORTANT: Ken's original function did not work in my testing,
> because (1) the \ in \r and \n needed to be escaped, and (2) he had
> the letter O instead of the numeral 0 in the hex numbers. Somebody
> smarter than I am, please check carefully the modified version
> included below.
> ===========================
>
> Problem:
> Bot-net scanning to locate php scripts which are vulnerable to an email
> header injection exploit. All PHP scripts which send email based on
> input data are vulnerable.
>
> Discussion:
> A large scale distributed network of machines is currently being
> employed to scan php-based websites in search of scripts which are
Is this exploit PHP specific? Although I haven't confirmed, the nature of
the vulnerability would appear to affect any mailing web form, in nearly any
language. Can anyone provide additional details?
---
Hans Zaunere / President / New York PHP
www.nyphp.org / www.nyphp.com
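
A check of the kind the quoted message describes, given here as an added example that is not Ken's function or any other code from the thread. The function names and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/**
 * Return true if $value can be placed in a mail header line.
 * Rejects raw CR/LF and their URL-encoded forms (%0d, %0a), the two
 * points the quoted message raises about the original function.
 */
function header_value_is_safe(string $value): bool
{
    // A raw carriage return or line feed ends the current header line.
    // Single quotes: PCRE, not PHP, interprets the \r and \n escapes.
    if (preg_match('/[\r\n]/', $value)) {
        return false;
    }
    // Encoded forms use the numeral 0, not the letter O; hex digit in either case.
    if (preg_match('/%0[ad]/i', $value)) {
        return false;
    }
    return true;
}

/**
 * Build the additional-headers string for mail() from form input,
 * or return null if any field fails the check.
 */
function build_from_header(string $name, string $email): ?string
{
    foreach ([$name, $email] as $field) {
        if (!header_value_is_safe($field)) {
            return null;
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return 'From: ' . $name . ' <' . $email . '>';
}

// Constructed sample inputs: one clean, one with raw CR/LF, one URL-encoded.
$samples = [
    ['Alice', 'alice@example.com'],
    ["Alice\r\nBcc: list@example.com", 'alice@example.com'],
    ['Alice', 'alice@example.com%0ABcc:list@example.com'],
];
foreach ($samples as [$name, $email]) {
    $header = build_from_header($name, $email);
    echo $header === null ? "rejected\n" : "ok: $header\n";
}
```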