contact form exploit
There's a growing number of exploits related to e-mail contact forms. One in particular targets websites with a contact form that lets the user enter their own e-mail address and then sends their message by mail to a private mailbox, so that the website can contact the user back. If the e-mail field is not correctly validated as a real e-mail address, an attacker can abuse this module and turn it into an open SPAM relay: a newline in the address field terminates the header the form builds, and whatever follows is treated as further mail headers. Besides regular e-mail checks via PHP/Perl regular expressions, one can also run this PHP command:
if (preg_match("/[\\000-\\037]/", $EMAIL)) { die(); }

where $EMAIL is the e-mail address to be checked; the character class [\000-\037] matches the ASCII control characters (octal 000 to 037), which include the newline and carriage return that a header-injection attempt needs.

There's more information on this fresh e-mail form vulnerability report from pair.com.
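As an added example, not code from the original post or from pair.com, here is a complete contact-form handler that combines the control-character check above with PHP's built-in address validator and keeps the user-supplied address out of the From: header altogether. The form field names (email, message), the recipient mailbox and the sender address are assumptions.

```php
<?php
// Added example (not from the original post): a contact-form handler that
// validates the sender address before it is placed in any mail header.
// Assumed form fields: email, message. Both addresses below are placeholders.

const RECIPIENT    = 'owner@example.invalid';   // placeholder: your private mailbox
const SITE_ADDRESS = 'noreply@example.invalid'; // placeholder: the site's own address

/**
 * Return the trimmed address if it is safe to place in a header, or null otherwise.
 * Two checks are combined: the post's regex, which rejects CR, LF and every other
 * ASCII control character (octal 000-037) that could start a new header line, and
 * filter_var(), which checks that the remainder is syntactically an e-mail address.
 */
function safe_sender(string $email): ?string
{
    $email = trim($email);
    // A \r or \n in the middle of the value would let the sender append
    // Cc:/Bcc: headers of their own, turning the form into a spam relay.
    if (preg_match("/[\\000-\\037]/", $email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

/**
 * Build the header block for the outgoing message. The user's address only
 * ever appears in Reply-To:, and only after safe_sender() has accepted it.
 */
function build_headers(string $sender): string
{
    return "From: " . SITE_ADDRESS . "\r\n"
         . "Reply-To: " . $sender . "\r\n"
         . "Content-Type: text/plain; charset=UTF-8\r\n";
}

// Constructed sample inputs showing what the check accepts and rejects.
$samples = [
    'alice@example.invalid',                                  // accepted
    "alice@example.invalid\r\nBcc: spam-target@example.invalid", // rejected: CR/LF
    "alice@example.invalid\nCc: relay@example.invalid",        // rejected: LF
    'not an address',                                         // rejected: syntax
];
foreach ($samples as $s) {
    $result = safe_sender($s);
    printf("%-60s => %s\n", json_encode($s), $result === null ? 'REJECTED' : 'ok');
}

// Live handling of a POSTed form (does nothing when run from the command line).
if ($_SERVER['REQUEST_METHOD'] ?? '' === 'POST') {
    $sender = safe_sender($_POST['email'] ?? '');
    if ($sender === null) {
        http_response_code(400);
        exit('Please supply a valid e-mail address.');
    }
    // The body is data, not a header, so newlines in it are harmless here.
    $body = wordwrap((string) ($_POST['message'] ?? ''), 70, "\n", true);
    mail(RECIPIENT, 'Contact form message', $body, build_headers($sender));
    echo 'Thank you, your message has been sent.';
}
```

Run from the command line the script only prints the sample results; the second and third samples, which carry injected header lines, are refused before mail() is ever reached. Placing the site's own address in From: and the visitor's address only in Reply-To: also keeps the outgoing mail consistent with the site's SPF/DKIM setup.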