V2EX = way to explore
V2EX 是一个关于分享和探索的地方
Sign Up Now
For Existing Member Sign In
• 请不要在回答技术问题时复制粘贴 AI 生成的内容
This topic created in 4546 days ago, the information mentioned may be changed or developed.
想问的是,如何注入邮件表头,可使我们的程序更安全。
要注入一个“To”表头到网站联系页面的邮箱输入文本框中,常用的注入方式是添加一个新行
[email protected]%0D%0ATo:[email protected]
但这样的结果如下
From: <[email protected]%0D%0ATo:[email protected]>
To: [email protected]
Subject: ...
不是想像中的
From: <[email protected]>;
To: [email protected]
To: [email protected]
Subject: ...
想重现攻击效果,哪里有问题呢?
要注入一个“To”表头到网站联系页面的邮箱输入文本框中,常用的注入方式是添加一个新行
[email protected]%0D%0ATo:[email protected]
但这样的结果如下
From: <[email protected]%0D%0ATo:[email protected]>
To: [email protected]
Subject: ...
不是想像中的
From: <[email protected]>;
To: [email protected]
To: [email protected]
Subject: ...
想重现攻击效果,哪里有问题呢?
 |
1
krafttuc Nov 23, 2013
你的from从表单拿到后做了escape html处理?
|
Select Language