[FIXED] osCommerce Email Injection - Spammers Abusing contact_us.php

Discussion in 'PHP' started by T0PS3O, Dec 19, 2006.

  1. #1
    Courtesy of Gary Butler, please install this to avoid having spammers use your server as their spam factory.

    In functions/general.php add this function:

    function tep_email_injection_check($input) {
      // Reject anything that could end the current mail header and start
      // a new one: raw or URL-encoded line breaks, or an embedded header name.
      // stripos() stands in for the original eregi() calls, which PHP 7
      // removed; the comparison is case-insensitive either way.
      $markers = array("\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:", "to:", "cc:");
      foreach ($markers as $marker) {
        if (stripos($input, $marker) !== false) {
          return true;
        }
      }
      return false;
    }

    Then, around line 1189, where the tep_mail function is, find:

    if (SEND_EMAILS != 'true') return false;

    And directly below it add:

    // Custom injection checks
    if (tep_email_injection_check($to_name)) return false;
    if (tep_email_injection_check($to_email_address)) return false;
    if (tep_email_injection_check($email_subject)) return false;
    if (tep_email_injection_check($from_email_name)) return false;
    if (tep_email_injection_check($from_email_address)) return false;

    This will bail out of sending any mail from your server (front-end osC) if injection is detected.

    I've not posted this to the official bug tracker because last time I did that they just deleted it without any attention.

    Keywords so this thread will rank:

    oscommerce email injection
    oscommerce mail injection
    oscommerce spam prevention
    oscommerce spam injection
    oscommerce contact us spam
    oscommerce prevent spam
    oscommerce contact_us.php spam
     
    T0PS3O, Dec 19, 2006 IP
    clancey likes this.
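As an added example, not code from the thread, from osCommerce or from Gary Butler's patch: a PHP 7+ version of the same rule set (eregi() was removed in PHP 7) placed next to a stricter control-character check, run over constructed sample values so the difference is visible, including the false positive the thread's list produces on an ordinary word that happens to contain "to:". All function names and sample values are my own.

```php
<?php
// Added example (not osCommerce code and not the patch from the thread).
// Function names and sample values below are constructed for illustration.

// Same rule set as the thread's tep_email_injection_check(), written with
// preg_match() because eregi() was removed in PHP 7. Returns true when the
// value contains a raw or URL-encoded line break or an embedded header name.
function thread_style_check(string $input): bool
{
    return preg_match('/\r|\n|%0a|%0d|content-type:|bcc:|to:|cc:/i', $input) === 1;
}

// Stricter rule for any value that ends up in a mail header: no control
// characters at all. mail() only starts a new header at a real CR/LF, so this
// is the check that matters; the header-name substrings in the thread's list
// are what cause false positives on harmless text.
function header_field_is_clean(string $value): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

// Address fields additionally have to be one syntactically valid mailbox.
function address_is_clean(string $address): bool
{
    return header_field_is_clean($address)
        && filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

// Mirrors the five values tep_mail() receives; false means "do not send".
function mail_fields_are_safe(string $toName, string $toAddress, string $subject,
                              string $fromName, string $fromAddress): bool
{
    return header_field_is_clean($toName)
        && address_is_clean($toAddress)
        && header_field_is_clean($subject)
        && header_field_is_clean($fromName)
        && address_is_clean($fromAddress);
}

// Constructed inputs, as a contact form might POST them after PHP's URL decoding.
$samples = [
    'plain name'      => 'Jane Doe',
    'plain address'   => 'jane@example.com',
    'crlf + bcc'      => "Jane Doe\r\nBcc: someone@example.net",
    'literal %0a'     => 'Jane%0aCc: someone@example.net',
    'header in name'  => 'Content-Type: text/html',
    'harmless "to:"'  => 'Photo: holiday snaps',
];

foreach ($samples as $label => $value) {
    printf("%-16s  thread check rejects: %-3s  control-char check rejects: %s\n",
        $label,
        thread_style_check($value) ? 'yes' : 'no',
        header_field_is_clean($value) ? 'no' : 'yes');
}

// Whole-form decision, placed where the thread puts it: right after the
// SEND_EMAILS test in tep_mail().
$send = mail_fields_are_safe('Jane Doe', 'jane@example.com', 'Order question',
                             'Shop', 'shop@example.com');
echo $send ? "fields clean, mail would be sent\n" : "injection suspected, mail blocked\n";
```

Two things the run makes visible. First, "Photo: holiday snaps" is rejected by the substring list because it contains "to:", while the control-character check lets it through; on a contact form that difference is real customer mail lost. Second, the "%0a" entries only fire on a literal percent-sequence, which by the time PHP has decoded the request means the value was double-encoded and mail() would send it as plain text anyway; a real line break, the thing that actually injects a header, is caught by both checks.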
  2. yantomulia

    yantomulia Peon

    #2
    finally found this thread
     
    yantomulia, Aug 27, 2008 IP
  3. nabil_kadimi

    nabil_kadimi Well-Known Member

    #3
    This thread is almost 2 days old, you bring it back to the top, what's the point !?
     
    nabil_kadimi, Aug 27, 2008 IP
  4. profithost

    profithost Active Member

    #4
    yes what's the point of that??!
     
    profithost, Sep 1, 2008 IP
  5. Brooke.Coin

    Brooke.Coin Peon

    #5
    I'm sorry in advance for putting it up again.
    But I looked for that for so long that i think he should get a special thank you.

    so, thank you.

    Brooke
     
    Brooke.Coin, Sep 18, 2008 IP
  6. dimitar christoff

    dimitar christoff Active Member

    #6
    osCommerce is simply evil. dated. evil. useless etc.
     
    dimitar christoff, Sep 19, 2008 IP
  7. toufique ahmed

    toufique ahmed Peon

    #7
    osCommerce is just like phpBB: once you install it, you then just mess around with it to get it to run properly!
     
    toufique ahmed, Nov 5, 2008 IP
  8. webmasterr1

    webmasterr1 Peon

    #8
    I also apologize, and thank you!
     
    webmasterr1, Dec 31, 2008 IP
  9. seo_specialist

    seo_specialist Guest

    #9
    Yes, this is a very old thread, please be careful next time, otherwise DP may ban you. It's okay, it happens sometimes, but I hope this code is helpful for other members....
     
    seo_specialist, Dec 31, 2008 IP