Answer the question
In order to leave comments, you need to log in
D
D
Daniil Tikhonov2017-11-24 09:36:25
Daniil Tikhonov, 2017-11-24 09:36:25
How to prevent contact form hacking?
There is a small site with a survey - www.drevstat.ru. The resource began to be constantly "hacked" - a huge number of messages come from the site (6,000 emails per day), while the messages contain anything, but not answers to form questions. As explained in the hosting provider's technical support service, "... the attacker literally "felt" a vulnerable script on the site (/include/js/mail.php) and used it to send emails."
Tell me, please, is it possible to somehow protect the resource from such "hacks"?
2 answer(s)
@Konstantin18ko
@Psq
K
Konstantin Malyarov, 2017-11-24 @Konstantin18ko
It is necessary to understand where the mistake was made and close the vulnerability.
P
Psq, 2017-11-24 @Psq
You are passing extra parameters in the POST request (for example, subject).
As a result, you can influence the content of the letter. If you do not filter the data, you can also influence the text of the message itself.
Well, yes, as noted above, nothing prevents you from sending POST requests automatically - put a captcha or some kind of confirmation, in case of emergency.
https://www.owasp.org/index.php/Testing_for_IMAP/S...
Similar questions
I
Igor Bezlepkin2015-12-14 22:36:16
How risky is it to list your PayPal in someone else's store?
1Reply
V
Veritas232018-05-05 01:32:30
Is it possible to crack ".rar", ".zip" archives with a password?
1Reply
A
E
U
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question