[thelist] Email header injection
M. Seyon
evoltlist at delime.com
Fri Nov 11 08:40:09 CST 2005
Message from Kasimir K (11/11/2005 02:26 PM)
>Nick Wilsdon wrote on 2005-11-11 13:10:
> > If they can turn the form
> > into HTML they have an opportunity to use HEX characters, which you aren't
> > stripping out there.
>
>But aren't both \n and %0A just different ways of presenting 00001010?
I strip the phrase Content-Type as well as those strings you mentioned.
>bcc: onemoreaddress at hotpop.com
I'll be keeping an eye on this thread as I got a bunch of these last night
with this same bcc address.
regards.
-marc
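
The point raised in this thread, that \n and %0A are two spellings of the same byte, as an added example that is not part of the original messages: a check for form fields headed for a mail header that rejects the value instead of stripping listed strings. The function names, the decode limit and the sample addresses are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Any ASCII control character (CR, LF, NUL, ...) can end or corrupt a header line.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
MAX_DECODE_ROUNDS = 3  # assumed limit on nested percent-encoding


def check_header_value(value: str) -> str:
    """Return value unchanged if it fits on one header line, else raise ValueError.

    The value is tested raw and after each round of percent-decoding, so
    "\n", "%0A" and "%250A" are all treated as the same line feed.
    """
    candidate = value
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if _CONTROL.search(candidate):
            raise ValueError("control character in header value")
        decoded = unquote(candidate)
        if decoded == candidate:      # nothing left to decode
            return value
        candidate = decoded
    raise ValueError("too many layers of percent-encoding")


def screen_form(fields: dict) -> tuple:
    """Split submitted fields into (accepted, rejected_names)."""
    accepted, rejected = {}, []
    for name, value in fields.items():
        try:
            accepted[name] = check_header_value(value)
        except ValueError:
            rejected.append(name)
    return accepted, rejected


# Constructed sample submission; the addresses are placeholders.
SAMPLE = {
    "from": "visitor@example.com",
    "subject": "50% off question",                      # a lone % is harmless
    "reply_to": "a@example.com\nbcc: x@example.com",    # raw line feed
    "name": "a@example.com%0Abcc: x@example.com",       # encoded line feed
    "cc": "a@example.com%250Abcc: x@example.com",       # double-encoded
}

if __name__ == "__main__":
    ok, bad = screen_form(SAMPLE)
    print("accepted:", sorted(ok))
    print("rejected:", sorted(bad))
```

Rejecting the whole submission when any field fails leaves nothing for a partially cleaned value to slip through, which a strip list cannot guarantee.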