NYCPHP Meetup

[Billy Reisinger]

Daniel Convissor wrote:

>Huh?!  Insert headers in the middle of the message body?!  That doesn't 
>make sense to me.  I believe you're misinterpreting the article you 
>mention.  Perhaps I misunderstand things, but the way I see it, I can 
>write "Content-Type: <whatever>" in the middle of message until my fingers 
>fall off and it won't have any impact.  The problem is inserting that into 
>the headers.
>  
>
I know, it's weird; unfortunately, it's true.  There's a specific little 
hack of the Content-type header that lets the hacker do a multi-part 
message.  If you scroll down to about the bottom of the article I 
mentioned, it goes over it in detail.  Again, kind of a brainteaser of a 
hack, so it's worth sitting down and reading in detail.

>
>My (buggy, someone please fix it, I'm short on time now) pseudo-code 
>clears invalid characters from the subject and name plus if the email 
>address is bogus, halts execution.
>
>--Dan
>
Got it.  I misread your previous post!
Cheers,
Billy Reisinger