[localrec]

Hi there, I'm the system admin on a linux virtual domain server (Suse Linux) and the web guy has placed a PHP script on our site in order to use some email features. Qmail is the current email program.

It's not working . . . and I'm not sure why. I've checked the qmail settings and the paths that I can find. But it's the first time I've worked with qmail, so it's possible I'm simply not aware of something obvious.

Here's his code:

<?php
(!empty($_GET['src']))? $src = $_GET['src'] : $src = 1;

switch($src){


default:



$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST['comment'];


$subject = "WeB Email form";


$headers = "From: $name <$email>\n";
$headers .= "X-Sender: <$email>\n";
$headers .= "X-Mailer: PHP\n";
$headers .= "X-Priority: 1\n";
$headers .= "Return-Path: $name <$email>\n";

$recipient = "admin@localrecommendations.com";


$message = $comment;

mail($recipient, $subject, $message, $headers);

$subject = "Thank you for visitng ";


$headers = "From: webmaster <dave@localrecommendations.com>\n";
$headers .= "X-Sender: <dave@localrecommendations.com>\n";
$headers .= "X-Mailer: PHP\n";
$headers .= "X-Priority: 1\n";
$headers .= "Return-Path: webmaster <dave@localrecommendations.com>\n";

$recipient = $email;


$message = "Thank you $name, for your taking the time to visit Local Recommendations. If you had a question it will be answered as soon as possible";

mail($recipient, $subject, $message, $headers);

}
break:

?>

Any ideas? Thanks!!

[michaeln]

Is this a script just anyone can fill out? If so you need to add some input checking into the script as it is a bit exploitable the way it is written.

What if someone entered:
one@email.com;two@email.com;three@email.com;four@email.com
etc. and entered an nice long spam email message in the place of their name?

That is only way way to exploit the script.

Second question. What is the switch statement for? It doesn't appear to have a purpose.

Third: Do you have the settings in your php.ini pointing to qmails sendmail interface thing? Can't remember what you would call it at the moment. It should be at like /usr/bin/sendmail

-Michael

[localrec]

I've checked the /usr/bin/sendmail and that's correct the best I can tell. I'm really at a loss as to why it's not working at all.

I'll forward the security notes on to the web guy, though. Thanks!!

Quote:

Originally Posted by michaeln

Is this a script just anyone can fill out? If so you need to add some input checking into the script as it is a bit exploitable the way it is written.

What if someone entered:
one@email.com;two@email.com;three@email.com;four@email.com
etc. and entered an nice long spam email message in the place of their name?

That is only way way to exploit the script.

Second question. What is the switch statement for? It doesn't appear to have a purpose.

Third: Do you have the settings in your php.ini pointing to qmails sendmail interface thing? Can't remember what you would call it at the moment. It should be at like /usr/bin/sendmail

-Michael