Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16627
HistoryApr 08, 2007 - 12:00 a.m.

PMOPB-45-2007:PHP ext/filter Email Validation Vulnerability

2007-04-0800:00:00
vulners.com
9
JSON

Summary

The first Post Month of PHP Bugs vulnerability describes a vulnerability in PHP's new input filtering/validation extension. The FILTER_VALIDATE_EMAIL filter of ext/filter internally uses a wrong regular expression that allows injecting a newline character at the end of the email string.
Affected versions

Affected is PHP 5.2.0 and PHP 5.2.1
Detailed information

The filter extension internally uses the PCRE library for regular expressions. In the FILTER_VALIDATE_EMAIL filter the D modifier is not used. As long the D modifier is not used within a PCRE regular expression the meaning of the $ is not "end of subject" but "end of subject or nearly the end with a single newline at the end".
Proof of concept, exploit or instructions to reproduce

To test for this vulnerability just try the following piece of code.

<?php

$var = "[email protected]\n";

var_dump(filter_var($var, FILTER_VALIDATE_EMAIL));

?>

It should be obvious that the supplied email address should not be considered safe, because it contains a newline at the end which is especially dangerous when put into an email because of the possibility of email injections.
Notes

This vulnerability is also very common in most PHP applications that use preg_match() validation.

This vulnerability is also one of the reasons why we do not recommend using ext/filter for user input filtering/validation. Whenever there is a fault in the code the application might be open for attacks and only the admin of the server is able to fix this. This is especially bad in shared hosting environments.

JSON