flash mail form header injection
I've made a flash form, passing its variables to a php script. To prevent email header injection I'm using this line:
if (preg_match( "/[\r\n]/", $sendFrom ) || preg_match( "/[\r\n]/", $sendTo ) )
So if it finds newlines in the 'from' and 'to' fields, the emailing isn't executed.
Apparently this doesn't work since with it I don't receive the email, but without it I do.
Perhaps in a flash textfield these newlines work a bit differently?
To complete a header line you need to at least have a \r so you're always going to encounter one.
What you might want to do is explode via \r and count() the array returned. If you have any characters past index 0 that could be an injection. Just use your matching on any character on a second index, preg_match('/./',$returnedArr[1]).
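
An added example, not code from either poster: one way to check the 'from' and 'to' fields so that a stray line break at the end of the submitted value does not block legitimate mail, while a line break inside the value is still rejected. The function name `clean_header_address`, the sample addresses and the trailing `\r` on the Flash-submitted value are assumptions made for illustration.

```php
<?php
// Added example: validate single-line mail header fields before calling mail().
// Assumption: the Flash form may post a field with a trailing "\r", so the
// value is trimmed first and only then checked for embedded line breaks.

/**
 * Returns the cleaned address, or null if the value is unsafe for a header.
 * (Hypothetical helper, not part of the original script.)
 */
function clean_header_address($raw)
{
    // Strip whitespace, including CR/LF, from both ends only.
    $value = trim((string) $raw);

    // Any CR or LF left inside the value would start a new header line.
    if (preg_match('/[\r\n]/', $value)) {
        return null;
    }

    // The value must also be one syntactically valid address.
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $value;
}

// Constructed sample inputs, standing in for the posted form fields.
$samples = array(
    "visitor@example.com",
    "visitor@example.com\r",
    "visitor@example.com\r\nBcc: other@example.com",
    "not an address",
);

foreach ($samples as $raw) {
    $clean = clean_header_address($raw);
    printf("%-50s => %s\n", json_encode($raw), $clean === null ? 'rejected' : 'accepted');
}

// Usage in the mail script: send only when both fields pass.
$sendFrom = clean_header_address("visitor@example.com\r");
$sendTo   = clean_header_address("owner@example.com");
if ($sendFrom !== null && $sendTo !== null) {
    // mail($sendTo, 'Contact form', $message, "From: $sendFrom");
}
```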

