[PHP-BUG] Bug #51705 [NEW]: Insecure function without any kind of authentication

Fri, 30 Apr 2010 06:42:41 -0700 

From:             
Operating system: ANY
PHP version:      5.3.2
Package:          Mail related
Bug Type:         Bug
Bug description:Insecure function without any kind of authentication

Description:
------------
<?php

$to      = 'nob...@example.com';

$subject = 'the subject';

$message = 'hello';

$headers = 'From: someonee...@example.com' . "\r\n" .

    'Reply-To: webmas...@example.com' . "\r\n" .

    'X-Mailer: PHP/' . phpversion();



mail($to, $subject, $message, $headers);

?>

One can mail anyone using someone else's email address without
authentication. No password is required.   

$to = 'anyb...@example.com'

'From: someonee...@example.com'





"SERIOUS SECURITY ISSUE"

Bug detected By: DEVESH GOYAL

Expected result:
----------------
Must ask for password for the email address which is used in 

'From: someonee...@example.com'





"SERIOUS SECURITY ISSUE"

Bug detected By: DEVESH GOYAL


-- 
Edit bug report at http://bugs.php.net/bug.php?id=51705&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=51705&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=51705&r=trysnapshot53
Try a snapshot (PHP 6.0):            
http://bugs.php.net/fix.php?id=51705&r=trysnapshot60
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=51705&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=51705&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=51705&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=51705&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=51705&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=51705&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=51705&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=51705&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=51705&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=51705&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=51705&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=51705&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=51705&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=51705&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=51705&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=51705&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=51705&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=51705&r=mysqlcfg

Reply via email to