Dnia 19.10.2020 o godz. 21:12:20 John Fawcett pisze: > Sorry not to be able to give a definitive answer. Typical mail injection > via php will use a script that already calls the php mail function or > similar functions that open the smtp connection. But there are other > attack vectors that are possible that allow hackers to gain the > privileges of the web server user.
Very often hackers abuse web pages that allow users to upload files to the web server. If the input is not correctly sanitized, it may be possible to upload an arbitrary php script and get it executed. There were multiple attacks based on this scenario. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
