想问的是,如何注入邮件表头,可使我们的程序更安全。
要注入一个“To”表头到网站联系页面的邮箱输入文本框中,常用的注入方式是添加一个新行
[email protected]%0D%0ATo:[email protected]
但这样的结果如下
From: <[email protected]%0D%0ATo:[email protected]>
To: [email protected]
Subject: ...
不是想像中的
From: <[email protected]>;
To: [email protected]
To: [email protected]
Subject: ...
想重现攻击效果,哪里有问题呢?
要注入一个“To”表头到网站联系页面的邮箱输入文本框中,常用的注入方式是添加一个新行
[email protected]%0D%0ATo:[email protected]
但这样的结果如下
From: <[email protected]%0D%0ATo:[email protected]>
To: [email protected]
Subject: ...
不是想像中的
From: <[email protected]>;
To: [email protected]
To: [email protected]
Subject: ...
想重现攻击效果,哪里有问题呢?
Select Language