
December 7th, 2005
02:45 AM
Neverside Newbie
Hack this Script
Hi. Can someone try and hack this script please: http://www.kgx.net.nz/contact.php
As far as I can tell, I've made it secure enough but I've been getting a few bogus emails from there. I just can't seem to figure out how someone managed to bypass the script's checks.
Try and see if you can make it send emails to other addresses and stuff like that.
Thanks for your time 

December 7th, 2005
05:40 AM
Developer
What damage could someone do with that? The worst would be to send you an email with an unrepliable email address or spam. Otherwise, I do not see any harm that can be done with it 

December 7th, 2005
11:40 AM
Neverside Newbie
Cool..thanks 
Coz I've received a few emails which CC to other addresses as well. They can use my script for mass mailing others.
But I don't see how it can be done!
Last edited by kgx, December 7th, 2005 11:41 AM (Edited 1 times)

December 7th, 2005
06:30 PM
Neversidian
well, post the code and we shall tell!
___________________
-Developer
-Forum Leader
-NeverNET

December 7th, 2005
08:50 PM
I pressed the submit button a few times but the page caught up with me and redirected.

December 9th, 2005
12:00 AM
Neverside Newbie
Someone said:
why need to hack? just enter bull and you get spams!! #$(#)$*@)#$@*$&#$ #LISD U#@*E@#
there are many spam bots on the net that do this, maybe check the email it comes from and install a spam filter on ya computer!
What actually worries me is that others can get spammed because of my script (since I received emails with recipients other than me).
But anyway, since you guys can't hack, I assume it's safe now. Will post again should bots start it again.

December 9th, 2005
06:18 AM
Neversidian
rather than us trying, it would be better if you posted the code and we could tell you where the problem is.
___________________
-Developer
-Forum Leader
-NeverNET

December 9th, 2005
08:07 AM
with Mr. Jones
The main risk is the email being sent to you as an XSS attack of types.
You are probably a victim of header injection. The lesson to be learned is to never trust user input. Google up to learn what to do, plus read comments and whatnot of PHP's mail doc.
http://securephp.damonkohler.com/index.php/Email_Injection
http://us3.php.net/mail
http://www.improveyourweb.com/?q=node/31
http://www.weberdev.com/get_example-4238.html
I figure 80% this is the issue. Research a function before you use it.
___________________
http://www.philbrodeur.com - Expert PHP Development and Tutorials

December 9th, 2005
09:59 AM
Neverside Newbie
Who's Noel Forbes? You managed to hack in.
To: [my@address.com]
Subject: Email from kgx.net.nz
From: Noel Forbes
To: hptptf@cynigram.com <nforbes@cynigram.com>
Message-Id: <E1EkSVf-0005G3-4G@server.dhdns.com>
Date: Thu, 08 Dec 2005 13:36:59 -0700
Email from Noel Forbes
To: hptptf@cynigram.com <nforbes@cynigram.com>
[Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Firefox/1.0.7 (Debian package 1.0.7-1)] - 68.221.62.88
(This is a test; disregard it, please.)
Here's the code:
<?php
$error = false;
@$name = $_POST["name"];
@$email = $_POST["email"];
@$message = $_POST["message"];
@$errorStatus = array("name"=>false, "email"=>false, "message"=>false); //This is used to mark the error fields in the form after submission
if (count($_POST)>0){
if ($name == ""){
$error = true;
$errorStatus["name"] = true;
}
if (!preg_match("/^\w([-\+\.\w\&]*[\w\&])?@(\w[-\w]+\.)+[-\w]{2,4}$/", $email)){
$error = true;
$errorStatus["email"] = true;
}
if ($message == ""){
$error = true;
$errorStatus["message"] = true;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--
© kgx 2002-2005 version 4.0
Email: [censored] ICQ: 47179429
All rights reserved (whatever that means).
If you're reading this hoping to find something funny, then sorry to disappoint you.
I stopped writing funny stuff in my comments since now =)
Oh yeah, dare steal anything (and i mean ANYTHING) from this site, and I will
hunt you down and feed to you to the sharks!
-->
<title>kgx.net.nz - Contact Me</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<?php
$user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
$opera = strstr($user_agent, 'opera'); //Check opera first since it also contains MSIE
$msie = strstr($user_agent, 'msie');
$gecko = strstr($user_agent, 'gecko');
if($gecko || $opera){
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"web/styles/drop.css\" title=\"Water Drop\" />";
}
elseif($msie){
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"web/styles/drop_ie.css\" title=\"Water Drop\" />";
}
else{
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"web/styles/drop_ie.css\" title=\"Water Drop\" />";
}
?>
<style type="text/css">
@import url("web/styles/contact.css");
</style>
</head>
<body>
<?php include("menu.inc"); ?>
<div id="contact">
<?php
if (count($_POST)>0 && !$error){
if (@mail("[censored]", "Email from kgx.net.nz", "Email from ".stripslashes($name)." <".
$email. ">\n[".$_SERVER['HTTP_USER_AGENT']."] - ".$_SERVER['REMOTE_ADDR']."\n\n\n".stripslashes($message),
"From: ".$name." <".$email.">")){
echo "Email successfully sent! You should expect a reply soon <img src=\"smilies/smile.gif\" alt=\"\" />";
}
else{
echo "There was an error sending the email! This is most likely due to server problems.<br />";
echo "Please try again later or hit \"refresh\" in your browser to send the email again.<br /><br />";
echo "If you still come up with this error, send me an email directly to karuna.kgx <at> gmail.com<br />";
echo "or contact me by ICQ at 47179429.";
}
}
else{?>
<div id="contact_me"></div>
<a href="http://wwp.icq.com/47179429#pager">
<img src="http://wwp.icq.com/scripts/online.dll?icq=47179429&img=5" alt="" title="My ICQ Status" style="vertical-align:middle " /></a>
<a href="http://wwp.icq.com/47179429#pager" title="Contact me by ICQ">ICQ</a>: 47179429 (please note I don't go on ICQ very often)<br /><br />
<img src="images/gmail.gif" alt="" title="Contact me by email" /> Email: karuna.kgx <at> gmail.com<br /><br />
<p>
Or save yourself the effort and fill out the following form which will go directly to my email inbox:
</p>
<form name="contact_form" id="form" method="post" action="contact.php">
<?php
echo "Name:<br />";
echo "<input type=\"text\" name=\"name\" value=\"".stripslashes($name)."\" size=\"30\" />";
if ($errorStatus["name"]) { echo "<span class=\"error\"> Please enter your name</span>"; }
echo "<br /><br />";
echo "Email: <br />";
echo "<input type=\"text\" name=\"email\" value=\"".stripslashes($email)."\" size=\"30\" />";
if ($errorStatus["email"]) { echo "<span class=\"error\"> Please enter your email address correctly</span>"; }
echo "<br /><br />";
echo "Message: <br />";
echo "<textarea name=\"message\" cols=\"40\" rows=\"8\">".stripslashes($message)."</textarea>";
if ($errorStatus["message"]) { echo "<span class=\"error\"> Please enter a message</span>"; }
?>
<br /><br />
<input type="submit" name="submit" value="Submit" />
<input type="reset" name="reset" value="Reset" />
</form>
<div id="footer">
<acronym title="The ICQ logo copyright of ICQ Inc and the Gmail logo copyright of Google">©kgx 2002-2005</acronym><br />
This site is best viewed with the latest available browsers.<br />
<a href="http://www.mozilla.org/products/firefox/">This</a> is a browser. <a href="http://www.microsoft.com/windows/ie/">This</a> is a browser on drugs.<br /><br />
<a href="http://validator.w3.org/check?uri=referer" title="Valid XHTML 1.0">
<img src="web/xhtml10.gif" alt="Valid XHTML" /></a>
<a href="http://jigsaw.w3.org/css-validator/check/referer" title="Valid CSS">
<img src="web/css.gif" alt="Valid CSS" /></a>
<a href="http://www.spreadfirefox.com/?q=affiliates&id=20731&t=77" title="Get Mozilla Firefox">
<img src="web/firefox_80x15.png" alt="Download Firefox" /></a> -->
</div>
<?php } ?>
</div>
</body>
</html>
I'm off to my work's xmas party now. Thanks for the feedback guys 
Last edited by kgx, December 9th, 2005 10:03 AM (Edited 3 times)

December 9th, 2005
10:56 AM
with Mr. Jones
I told you why...
___________________
http://www.philbrodeur.com - Expert PHP Development and Tutorials
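
Added example (not part of the thread and not kgx's code): in the posted script only $email is pattern-checked, while $name is only tested for being empty and is then concatenated into the "From:" header passed to mail(), which matches the extra "To:" line in the bogus message quoted above. A sketch of a check that refuses line breaks in both fields before the header is built; the function names and sample addresses are assumptions made up for illustration.

```php
<?php
// Added example, not kgx's code: function names and sample values are assumptions.

/** True if the value contains a character that can start a new header line. */
function has_header_break(string $value): bool
{
    // CR, LF and NUL. This also catches a trailing newline, which the `$`
    // anchor in the posted email regex lets through (no /D modifier).
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Build the From header for the contact form, or return null if either
 * field is unsafe. The caller treats null as a validation error.
 */
function build_from_header(string $name, string $email): ?string
{
    $name = trim($name);
    if ($name === '' || has_header_break($name) || has_header_break($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Quote the display name so characters such as "<" or "," stay inside it.
    $display = '"' . addcslashes($name, "\"\\") . '"';
    return 'From: ' . $display . ' <' . $email . '>';
}

// Constructed inputs: one ordinary, one with a line break in the name (the
// shape seen in the bogus message), one with a trailing newline in the email.
$samples = [
    ['Alice Example', 'alice@example.com'],
    ["Alice Example\nTo: other@example.net", 'alice@example.com'],
    ['Alice Example', "alice@example.com\n"],
];

foreach ($samples as [$name, $email]) {
    $header = build_from_header($name, $email);
    echo json_encode($name), ' / ', json_encode($email), ' => ',
         $header === null ? 'REJECTED' : $header, "\n";
}
```

Run from the command line, only the first sample yields a header; in the form, a null result would set $error the same way the existing empty-field checks do.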