Hello,

despite checking the origin of the POST request at the start of phpmailer's execution, some malicious user still manages to send email with phpmailer

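PHP code:
// Compare the host part of the client-supplied Referer header with this server's name
$url_array = parse_url($_SERVER['HTTP_REFERER']);
// eregi() is the case-insensitive POSIX regex match (removed in PHP 7.0)
if (!eregi($_SERVER['SERVER_NAME'], $url_array['host'])) {
    echo "<script language=\"JavaScript\" type=\"text/javascript\">alert(\"Invalid POST request !!\"); focus(); top.window.location.href = \"http://".$_SERVER['SERVER_NAME']."\";</script>";
    exit;
}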

the content of the mail:

Return-Path: <>
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on
mail.domain.ext
X-Spam-Level:
X-Spam-Status: No, score=-0.1 required=4.0 tests=ALL_TRUSTED,MISSING_SUBJECT,
SPF_HELO_PASS autolearn=unavailable version=3.1.5
Received: from domain.ext (localhost [127.0.0.1])
by mail.domain.ext (8.13.6.20060614/8.13.6) with ESMTP id kBCNeCOf056238
for <info@domain.ext>; Wed, 13 Dec 2006 00:40:12 +0100 (CET)
Date: Wed, 13 Dec 2006 00:40:12 +0100
To: NAME <info@domain.ext>
Subject:
Message-ID: <5bbe8eab87edcc07838428fa21e05849@domain.ext>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="iso-8859-1"
X-ClamAV: clean
Status:

—–@
ò®–@
ò¯–@
ò°–@
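
Added example, not part of the original post: the Referer header checked above is supplied by the client, so any HTTP client can set it to the site's own host name. The sketch below instead ties each POST to a form the server actually rendered in the same session, using a single-use token. The function names and the `form_token` field name are assumptions made for this illustration, and the session is a plain array here so the block runs from the command line.

```php
<?php
// Added example: single-use, session-bound form token replacing the Referer check.
// issue_form_token(), is_valid_submission() and 'form_token' are hypothetical names.

// Call when rendering the form; put the returned value in a hidden input field.
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the system CSPRNG
    $session['form_token'] = $token;
    return $token;
}

// Call at the top of the mail script, before PHPMailer is touched.
function is_valid_submission(array &$session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['form_token'] ?? null;
    $supplied = $post['form_token'] ?? null;
    unset($session['form_token']);        // single use: a replayed POST fails
    if (!is_string($expected) || !is_string($supplied)) {
        return false;                     // no form was served, or the field is missing
    }
    return hash_equals($expected, $supplied);  // constant-time comparison
}

// Constructed demonstration with an in-memory session array.
$session = [];
$token = issue_form_token($session);

// 1. Genuine submission of the rendered form.
var_dump(is_valid_submission($session, 'POST', ['form_token' => $token]));

// 2. Replay of the same POST: the token was consumed by the first request.
var_dump(is_valid_submission($session, 'POST', ['form_token' => $token]));

// 3. Direct POST to the script with no token at all.
$fresh = [];
var_dump(is_valid_submission($fresh, 'POST', ['email' => 'x@example.invalid']));

// 4. POST carrying a guessed token against a freshly issued one.
issue_form_token($fresh);
var_dump(is_valid_submission($fresh, 'POST', ['form_token' => str_repeat('0', 64)]));
```

In a real page, call `session_start()` first and pass `$_SESSION` and `$_POST` in place of the arrays. The token only proves the form was loaded in the same session, so input validation of the submitted fields is still needed.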