Variable to the recipient's address in phpmailer.php, how to close the vulnerability?
Good afternoon)
The essence of the problem is this:
A site on WP, a feedback form is used.
At the same time, on some pages the recipient addresses differ: in the settings of a particular page there is a field for entering a mail address specifically for that page, so the recipient address is expressed as a variable, implemented through Redux.
Letters are sent through the usual PHPMailer (5.2.22).
Everything is configured and works correctly
But because the recipient's address is expressed as a variable, bots substitute random addresses and send letters to them from the feedback form. In effect, there is spam going to random, not even existing, mail addresses.
Example from mail.log logs:
mail() on [/var/www/u0123***/data/www/site.su/wp-includes/class-phpmailer.php:698]: To: [email protected] - Headers: Date: Thu, 6 Dec 2018 17:41:56 +0000 From: Mikhail Message-ID: X-Mailer: PHPMailer 5.2.22 (github.com/PHPMailer/PHPM... MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
In this example, the letter is sent to an incomprehensible address, [email protected]; all the other records look similar, only the mail addresses change.
Examples from access.log logs:
173.249.31.49 - - [06/Dec/2018:20:08:47 +0300] "GET / HTTP/1.0" 200 24577 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
173.249.31.49 - - [06/Dec/2018:20:08:49 +0300] "POST / HTTP/1.0" 302 - "site.su/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
Here you can see how the bot came in and submitted a request, substituting the recipient's email address shown above.
What can be done in this situation?
Thank you for your attention :)
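The usual fix for the situation described above is to stop carrying the recipient address in the form at all: the browser submits only the page ID, and the server resolves the address from that page's own settings before anything reaches PHPMailer. The following is an added example written for this answer, not code from the question, from PHPMailer or from Redux; the PAGE_RECIPIENTS array is a constructed stand-in for the per-page address that the Redux metabox stores (in WordPress you would replace that lookup with get_post_meta() on the page ID).

```php
<?php
// Added example: the request never supplies the recipient. It supplies a page ID,
// and the server maps that ID to the address configured for the page.
// PAGE_RECIPIENTS is constructed sample data standing in for the Redux page setting.
const PAGE_RECIPIENTS = [
    12 => 'sales@example.com',
    34 => 'support@example.com',
];

// Resolve the recipient for a page ID; null means "no address configured, do not send".
function resolve_recipient(int $page_id, array $recipients = PAGE_RECIPIENTS): ?string
{
    if (!array_key_exists($page_id, $recipients)) {
        return null;
    }
    $to = $recipients[$page_id];
    // Defence in depth: even the stored value is validated before it reaches PHPMailer,
    // so a tampered setting or a CR/LF header-injection attempt is rejected as well.
    if (!filter_var($to, FILTER_VALIDATE_EMAIL) || preg_match('/[\r\n]/', $to)) {
        return null;
    }
    return $to;
}

// Handle one form submission. $request is the decoded POST body (page_id, name, message).
// Returns an array describing what may be sent; the caller hands it to PHPMailer/wp_mail().
function handle_feedback(array $request): array
{
    $page_id = filter_var($request['page_id'] ?? '', FILTER_VALIDATE_INT);
    if ($page_id === false) {
        return ['ok' => false, 'to' => null, 'error' => 'missing or invalid page_id'];
    }
    // The vulnerable pattern was $to = $_POST['email_to']; here any such field is ignored.
    $to = resolve_recipient($page_id);
    if ($to === null) {
        // Log and drop: bots probing unknown page IDs end up in this branch, visible in the log.
        error_log("feedback: rejected submission for page_id=$page_id");
        return ['ok' => false, 'to' => null, 'error' => 'no recipient configured for this page'];
    }
    $name = strip_tags(trim((string) ($request['name'] ?? '')));
    $body = strip_tags(trim((string) ($request['message'] ?? '')));
    return ['ok' => true, 'to' => $to, 'error' => null, 'name' => $name, 'body' => $body];
}

// Constructed example of a bot submission that tries to supply its own recipient:
// the 'email_to' field is simply never read, and the configured address for page 12 wins.
$result = handle_feedback(['page_id' => '12', 'email_to' => 'random@spam.invalid',
                           'name' => 'Bot', 'message' => 'hi']);
```

In a real WordPress handler, also check the form nonce with wp_verify_nonce() before calling handle_feedback(), so that posts not originating from the site's own form are rejected before any lookup.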