News Feed
Jobs Feed
Sections




News Archive
Hardened-PHP Project:
Dotdeb PHP Email Header Injection Vulnerability
by Chris Cornutt November 14, 2006 @ 14:13:00

The Hardened PHP Project has released another vulnerability today for the Dotdeb PHP package repository software. The exploit allows for an email header injection.

It was discovered that the Dotdeb PHP packages are patched with a mail() protection patch that was originally created by Steve Bennett and is nowadays developed at choon.net. This patch adds an X-PHP-Script header to outgoing mails that contains the name of the server, the script and the calling IP.

An example of an attack via this issue would be injecting Bcc: headers into emails with sensitive information, copying them to themselves. The latest version of the package can be downloaded from their site. It is suggested that versions less than 5.2.0 Rev 3 upgrade immediately.

0 comments voice your opinion now!
dotdeb email header injection vulnerability advisory dotdeb email header injection vulnerability advisory


blog comments powered by Disqus

Similar Posts

Tim's Blog: Cyclic Dependency Injection and Making a Choice

Hardened-PHP Project: Advisory - PHP open_basedir Race Condition Vulnerability

Kevin Schroeder's Blog: ZF2 Dependency Injection - Multiple Object Instances

Site News: Got a job you want the Community to know about? Let us post it!

Secunia.com: CodeIgniter Weakness and Directory Traversal Vulnerability


 Community Events











Don't see your event here?
Let us know!

tool zendframework2 community language series opinion interview phpunit code conference testing unittest application functional podcast framework introduction development example release

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework