News Register Control Panel Private Messages Members List Team Search News Posts About Us 		 

PHP-Nuke mail CRLF Injection vulnerabilities
  Author: Ravish Ahuja
 Added: 12/21/2002
 Type: Advisory
 Viewed: 383 time(s)
 Average visitor rating of 8.7/10Average visitor rating of 8.7/10Average visitor rating of 8.7/10Average visitor rating of 8.7/10Average visitor rating of 8.7/10Average visitor rating of 8.7/10Average visitor rating of 8.7/10Average visitor rating of 8.7/10Average visitor rating of 8.7/10Average visitor rating of 8.7/10
Summary

PHP-Nuke has got four functions that allow restricted sending of
e-mails: Feedback, Recommend Us, Send (news item) to a Friend and
Send this Journal to a Friend. They either restrict who you can send
e-mails to or what message you can send to them. They are open for
anonymous users as well as regular users.

By submitting special data, an attacker can escape these restrictions
and use someone else's PHP-Nuke installation to send HTML e-mails
to any recipient with any message that they like.

Article Pages:  � Prev | 1 | 2 | 3 | 4 | 5 | Next �  


How would you rate this article:    Bad Good   Go � 


� Copyright Linux Advisory 2003. All rights reserved.
We are not responsible for the comment and story contributed by users.