Where is the exploit?
One of our clients got their contact script exploited with the result of thousands of spam mails sent out through their account. We have explained that the problem is with their programming but they don't want to listen. I am not a php expert hence I can't tell him exactly where the problem is. Do you see anything wrong with the following code?
PHP Code:
<?php
$company = $_POST['company'];
$contact = $_POST['contact'];
$address = $_POST['address'];
$postal = $_POST['postal'];
$city = $_POST['city'];
$state = $_POST['state'];
$phone = $_POST['phone'];
$fax = $_POST['fax'];
$email = $_POST['email'];
$comments = $_POST['comments'];
$from ="From: ".$_POST['email'];
$to = "info@domain.com";
$subject = "New question from domain.com...";
$message = "Company: ".$company."\nContact: ".$contact."\nAddress: ".$address."\nPostal Code: ".$postal.
"\nCity: ".$city."\nState: ".$state."\nTelephone: ".$phone."\nFax: ".$fax."\nEmail: ".$email."\nComments: \n".$comments;
$result = mail ( $to, $subject, $message, $from);
?> 
