Php Mb Send Mail Parameter Tampering
Description
This detector identifies PHP `mb_send_mail` calls that are vulnerable to parameter tampering. `mb_send_mail` is the multibyte-aware counterpart of `mail()` and takes the same `to` and `additional_headers` arguments. The vulnerability occurs when user-controlled input reaches either argument without proper validation: an attacker can then redirect the message to an unintended recipient or, by embedding line breaks in the value, inject additional email headers.
Detection Strategy
• Identifies calls to PHP's `mb_send_mail` function in the codebase
• Checks whether the `to` parameter (recipient) contains user-controllable data that an attacker could manipulate
• Checks whether the `headers` parameter contains user-controllable data that could allow header injection
• Reports a vulnerability when either the `to` or the `headers` parameter is populated with user-controlled input that lacks proper sanitization
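To make the strategy concrete, here is an added example (not Fluid Attacks' detector, whose implementation this page does not show) that follows the same four steps on a constructed PHP snippet: find `mb_send_mail` calls, then flag those whose first argument (`to`) or fourth argument (`additional_headers`) is a request superglobal or a variable assigned directly from one. The function names, the regular expressions and the sample source are assumptions for this illustration; a real detector tracks taint through far more than direct assignments.

```php
<?php
// Added example (not Fluid Attacks' detector): a small regex-based check that
// follows the detection strategy described above. It flags mb_send_mail calls
// whose first argument (to) or fourth argument (additional_headers) is a
// request superglobal or a variable assigned straight from one. Deliberately
// simple: no nested-call parsing, no multi-line concatenation, no sanitiser
// recognition.

declare(strict_types=1);

// Request superglobals treated as attacker-controlled sources.
const TAINT_SOURCES = '\$_(?:GET|POST|REQUEST|COOKIE)\b';

/** Variables assigned directly from a taint source, e.g. $to = $_POST['email']; */
function taintedVariables(string $code): array
{
    preg_match_all('/(\$[A-Za-z_]\w*)\s*=\s*' . TAINT_SOURCES . '/', $code, $m);
    return array_values(array_unique($m[1]));
}

/** True when an argument expression references a taint source or a tainted variable. */
function isTainted(string $arg, array $taintedVars): bool
{
    if (preg_match('/' . TAINT_SOURCES . '/', $arg) === 1) {
        return true;
    }
    foreach ($taintedVars as $var) {
        // \b keeps $to from matching $token
        if (preg_match('/' . preg_quote($var, '/') . '\b/', $arg) === 1) {
            return true;
        }
    }
    return false;
}

/**
 * One finding per mb_send_mail call whose `to` or `headers` argument is
 * user-controlled, formatted as "line N: <parameter> ... <expression>".
 */
function findTamperableCalls(string $code): array
{
    $taintedVars = taintedVariables($code);
    $findings = [];
    preg_match_all('/\bmb_send_mail\s*\(([^;]*)\)\s*;/', $code, $calls, PREG_OFFSET_CAPTURE);
    foreach ($calls[1] as [$argList, $offset]) {
        // Splitting on commas is enough for the literal/variable arguments used here.
        $args = array_map('trim', explode(',', $argList));
        $line = substr_count(substr($code, 0, $offset), "\n") + 1;
        foreach ([0 => 'to', 3 => 'headers'] as $index => $parameter) {
            $arg = $args[$index] ?? '';
            if ($arg !== '' && isTainted($arg, $taintedVars)) {
                $findings[] = "line $line: $parameter parameter is user-controlled: $arg";
            }
        }
    }
    return $findings;
}

// Constructed sample: the vulnerable and safe patterns from this page plus a
// header-injection case (user input in additional_headers) the page's examples omit.
$sample = <<<'PHP'
<?php
mb_send_mail($_POST['email'], "Reset", "Click here");
$to = $_POST['email'];
mb_send_mail($to, "Notice", "You have mail");
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if ($email) {
    mb_send_mail($email, "Reset", "Click here");
}
mb_send_mail("support@example.com", "Contact", $body, "From: " . $_POST['from']);
PHP;

foreach (findTamperableCalls($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```

Run against the embedded sample, the check reports the calls on lines 2 and 4 of the snippet (tainted `to`) and the call on line 9 (tainted `headers`), while the `filter_var`-guarded call on line 7 is not reported because `$email` is not assigned directly from a superglobal. The gap between this toy and a production detector is exactly the taint-tracking in the strategy's second and third bullets: values that pass through concatenation, function calls, or array elements must still be traced back to the request.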
Vulnerable code example
<?php
// VULNERABLE: Direct user input as recipient
mb_send_mail($_POST['email'], "Reset", "Click here");

// VULNERABLE: User input in variable as recipient
$to = $_POST['email'];
mb_send_mail($to, "Notice", "You have mail");

✅ Secure code example
<?php
// SAFE: Validate and sanitize email before using as recipient.
// The null-coalescing default avoids an undefined-index warning when the field is absent;
// FILTER_VALIDATE_EMAIL returns false for anything that is not a single well-formed address.
$email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
if ($email) {
    mb_send_mail($email, "Reset", "Click here"); // Safe after validation
}
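The secure example above covers only the `to` parameter. The following added example (not code from this page or from Fluid Attacks) extends the same approach to the `additional_headers` parameter, which the detection strategy also checks: every address is validated with `FILTER_VALIDATE_EMAIL`, line breaks are rejected explicitly, and headers are built from an allow-list rather than concatenated from the request. The function names, the fixed `From` address and the PHP 8 `mixed` type hint are assumptions for this illustration.

```php
<?php
// Added example (not Fluid Attacks' code): a wrapper around mb_send_mail that
// validates the recipient and refuses to build additional_headers from
// unchecked input. Names (validateAddress, buildHeaders, sendPasswordReset)
// and the From address are assumptions. Requires PHP 8 for the mixed type.

declare(strict_types=1);

/**
 * Return a validated address or null. FILTER_VALIDATE_EMAIL rejects whitespace
 * and CR/LF inside an address, which header injection depends on; the explicit
 * check afterwards states that requirement instead of relying on it silently.
 */
function validateAddress(mixed $candidate): ?string
{
    if (!is_string($candidate)) {
        return null;                            // e.g. email[]=... turned the field into an array
    }
    $address = filter_var(trim($candidate), FILTER_VALIDATE_EMAIL);
    if ($address === false || preg_match('/[\r\n\0]/', $address) === 1) {
        return null;
    }
    return $address;
}

/**
 * Build additional_headers from an allow-list: From is fixed by the application,
 * and the only caller-influenced value (Reply-To) must itself be a validated
 * address. No raw request string is ever concatenated into a header.
 */
function buildHeaders(?string $replyTo = null): string
{
    $headers = ['From: no-reply@example.com'];   // assumed application address
    if ($replyTo !== null) {
        $address = validateAddress($replyTo);
        if ($address === null) {
            throw new InvalidArgumentException('Reply-To is not a single valid address');
        }
        $headers[] = 'Reply-To: ' . $address;
    }
    return implode("\r\n", $headers);
}

/** Send the reset mail only when recipient and headers both passed validation. */
function sendPasswordReset(mixed $rawTo, ?string $rawReplyTo = null): bool
{
    $to = validateAddress($rawTo);
    if ($to === null) {
        return false;                           // refuse instead of forwarding tainted input
    }
    return mb_send_mail($to, 'Reset', 'Click here', buildHeaders($rawReplyTo));
}

// Constructed inputs, mimicking what a request field could carry.
$cases = [
    'user@example.com',                                   // well-formed address
    "user@example.com\r\nBcc: attacker@example.net",      // header-injection attempt
    ['user@example.com'],                                 // array instead of string
];
foreach ($cases as $case) {
    echo json_encode($case), ' => ', var_export(validateAddress($case), true), PHP_EOL;
}
```

Only the first constructed input survives `validateAddress`; the second is rejected by `FILTER_VALIDATE_EMAIL` because of the embedded line break, and the third because it is not a string. The design point is that the recipient and every header value are validated as the type they are supposed to be (an address) before `mb_send_mail` sees them, so there is no code path in which request data is passed through unchanged.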