Slashdot Mirror


User: ChiliJ

ChiliJ's activity in the archive.

Stories: 0
Comments: 4

Comments · 4

  1. Re:Oracle and its security record on Oracle to buy JBoss (and others) · · Score: 1

    You said PHP's mail function is vulnerable even when hard-coding everything but the body. Email injections are possible because the attackers are able to modify the string being passed to the email header. This is NOT a PHP problem but rather an SMTP problem. Poorly written scripts are the problem. I don't speak Hungarian. But the link you posted has the following code:

    mail("ideirj@szerver.hu", "Hibabjelentes", $message, "From \"$_POST[nick]

    It clearly allows posted data in the header. Not your claim that "everything hard-coded but the body" is still vulnerable. The header, recipient, and subject arguments are subject to injection because they all become part of an SMTP header, but the body is not! The other link you provided, is that a joke? Googling for it, a decent article I've got is this: http://securephp.damonkohler.com/index.php/Email_Injection

  2. Re:Oracle and its security record on Oracle to buy JBoss (and others) · · Score: 1
    It is possible to exploit this vulnerable mail() implementation even if you hardcode everything but the body.
    Do you have any reference/proof for that claim?
  3. Spyware scaremongering == business model on Scaremongering over Spyware? · · Score: 2, Informative

    Mark Russinovich of Sysinternals has an interesting experiment here.

  4. Re:Yeah, like rezising a brush for instance! on GIMP Not Enough for Linux Users? · · Score: 1

    Not only that, brush sizes are limited. If working on a larger image or needing a larger brush, there appears to be no choice but to create a larger brush?