I need help adding reply to so when target replies to the email it gets sent to a custom email and not to the spoofed email. Here is the code. The intention of this is to showcase my workplace how easy it is to spoof emails and that they should make their security better (Im new to this forum so please don't judge )
<?php
if (isset( $_POST['submit'])) {
$to = $_POST['toemail'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$fromemail = $_POST['fromemail'];
$fromname = $_POST['fromname'];
$lt = '<';
$gt = '>';
$sp = ' ';
$from = 'From:';
$headers = $from . $fromname . $sp . $lt . $fromemail . $gt;
mail($to, $subject, $message, $headers);
header("Location: index.php?msg= Mail Sent!");
exit();
}
?>
<html>
<head>
<title>Spoof E-Mail using PHP</title>
</head>
<body bgcolor="#ffffcc" style="margin: 0 10%">
<h2 align="center">
Spoof E-Mail using PHP( Script By Arpit )
</h2>
<p style="margin-left:15px">
<form action="index.php" method="POST">
<b>From Name:</b><br>
<input type="text" name="fromname" size="50"><br>
<br><b>From Email:</b><br>
<input type="text" name="fromemail" size="50"><br>
<br><b>To Email:</b><br>
<input type="text" name="toemail" size="50"><br>
<br><b>Subject:</b><br>
<input type="text" name="subject" size="50"><br>
<br><b>Your Message:</b><br>
<textarea name="message" rows="5" cols="46"></textarea><br><br>
<input type="submit" name="submit" value="Send">
<input type="reset" value="Reset">
</form>
</p>
<?php if (isset($_GET['msg'])) {
?>
<script>
alert("Mail Sent!!");
</script>
<?php
} ?>
<h3 align="center" style="color: red;">
Legal disclaimer:<br>Usage of use of this script for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
</h3>
</body>
</html>
Just add it to $headers.
$headers = $from . $fromname . $sp . $lt . $fromemail . $gt;
$headers .= "\r\nReply-to: examplename#example.com";
Related
My hosting provider has contacted me and said one of the sites I have designed is sending spoof emails. Done a little bit of research but I still don't really understand how/what are they are doing to send these spoof emails. However more importantly how should I approach this, would it help if I try and put one of these 'captcha' things in place on the contact form or should I change the code I have on my site. Which is shown below:
<?php
$EmailFrom = Trim(stripslashes($_POST['EmailFrom']));
$EmailTo = "***";
$Subject = "Message to A R C Products";
$Name = Trim(stripslashes($_POST['Name']));
$Address = Trim(stripslashes($_POST['Address']));
$Telephone = Trim(stripslashes($_POST['Telephone']));
$Message = Trim(stripslashes($_POST['Message']));
// prepare email body text
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$Message = "
Name:$Name
Address: $Address
Telephone: $Telephone
$Message";
// send email
$success = mail($EmailTo, $Subject, $Message, $headers);
// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=ok.html\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.html\">";
}
?>
<h2><strong>Contact Us</strong></h2>
<form method="POST" action="contact.php">
<br/>
<p style="margin-top: 0;">Fields marked (*) are required</p>
<p style="margin-top: 0;">Your Email:* <br/>
<input type="text" name="EmailFrom">
<p style="margin-top: 0;">Name:* <br/>
<input type="text" name="Name">
<p style="margin-top: 0;">Address:<br/>
<input type="text" name="Address">
<p style="margin-top: 0;">Telephone:<br/>
<input type="text" name="Telephone">
<p style="margin-top: 0;">Message:*<br/>
<TEXTAREA NAME="Message" ROWS=6 COLS=40>
</TEXTAREA>
<p style="margin-top: 0;"><input type="submit" name="submit" value="Submit">
</form>
Take a look on filter_input to clean your input data. Also i would not use the email from the form as a from address.
$EmailFrom = filter_input(INPUT_POST,'EmailFrom', FILTER_SANITIZE_EMAIL);
I have an Contact us page on my website. what i want is when someone fills the form and click on send button. The message should be arrived to my gmail. i wrote the following code for it. its not working. is there any other way i can accomplish the same.
Html code:
<form id="ContactForm" action="contacts.php" method="post">
<div>
<div class="wrapper"> <strong>Name:</strong>
<div class="bg">
<input type="text" class="input" name="name">
</div>
</div>
<div class="wrapper"> <strong>Email:</strong>
<div class="bg">
<input type="text" class="input" name="email">
</div>
</div>
<div class="textarea_box"> <strong>Message:</strong>
<div class="bg">
<textarea cols="1" rows="1" name="message"></textarea>
</div>
</div>
<span>Send</span> <span>Clear</span> </div>
</form>
php code
<?php
session_start();
$to = "someemail#gmail.com";
$subject = "Someone Tried to contact you";
$message = $_POST['message'];
$fromemail = $_POST['email'];
$fromname = $_POST['name'];
$lt= '<';
$gt= '>';
$sp= ' ';
$from= 'From:';
$headers = $from.$fromname.$sp.$lt.$fromemail.$gt;
mail($to,$subject,$message,$headers);
echo "mail sent";
exit();
?>
Firstly, you should check your inputs for PHP injection.
$message = stripslashes($_POST['message']);
$fromemail = stripslashes($_POST['email']);
$fromname = stripslashes($_POST['name']);
Apart from that, there doesn't seem to be anything wrong with your mail script. The problem is most likely caused from your PHP server. Does your web hosting definitely provide PHP mail? Most free web hosts do not provide this as they are often used for spamming.
Sorry, but your code is crappy (especially, those concatenations). Use Swift mailer which provides OOP-style and does all the header job for you. And make sure you've got any mail server installed (did you check if you have any?).
PHP form:
<?php
header( 'Content-Type: text/html; charset=utf-8' );
// Your Email
$receiver = 'max.mustermann#domain.tld';
if (isset($_POST['send']))
{
$name = $_POST['name']
$email = $_POST['email'];
if ((strlen( $_POST['subject'] ) < 5) || (strlen( $_POST['message'] ) < 5))
{
die( 'Please fill in all fields!' );
}
else
{
$subject = $_POST['subject'];
$message = $_POST['message'];
}
$mailheader = "From: Your Site <noreply#" .$_SERVER['SERVER_NAME']. ">\r\n";
$mailheader .= "Reply-To: " .$name. "<" .$email. ">\r\n";
$mailheader .= "Return-Path: noreply#" .$_SERVER['SERVER_NAME']. "\r\n";
$mailheader .= "MIME-Version: 1.0\r\n";
$mailheader .= "Content-Type: text/plain; charset=UTF-8\r\n";
$mailheader .= "Content-Transfer-Encoding: 7bit\r\n";
$mailheader .= "Message-ID: <" .time(). " noreply#" .$_SERVER['SERVER_NAME']. ">\r\n";
$mailheader .= "X-Mailer: PHP v" .phpversion(). "\r\n\r\n";
if (#mail( $receiver, htmlspecialchars( $subject ), $message, $mailheader ))
{
echo 'Email send!';
}
}
?>
HTML form:
<form action="mail.php" method="post">
Name: <input type="text" name="name" /><br />
Email: <input type="text" name="email" /><br />
Subject: <input type="text" name="subject" /><br />
Message: <textarea name="message" cols="20" rows="2"></textarea><br />
<input name="send" type="submit" value="Send Email" />
</form>
I'm using a template to create my website and it came with a contact page and form all set out but it did not have a php contact script so I wrote that up and set it as the action on the html form and it still won't send me anything to my email... which I have set up through gmail ( i changed the domain email exchange DNS to the gmail settings)
in the html contact form i have the following code:
<div id="contact_form"><form method="post" name="contact" action="contact-form-handler.php">
<label for="name">Name:</label> <input type="text" id="name" name="name" class="required input_field" /><div class="cleaner h10"></div>
<label for="email">Email:</label> <input type="text" id="email" name="email" class="validate-email required input_field" /><div class="cleaner h10"></div>
<label for="subject">Subject:</label> <input type="text" name="subject" id="subject" class="input_field" /><div class="cleaner h10"></div>
<label for="text">Message:</label> <textarea id="text" name="text" rows="0" cols="0" class="required"></textarea><div class="cleaner h10"></div>
<input type="submit" value="Send" id="submit" name="submit" class="submit_btn float_l" />
<input type="reset" value="Reset" id="reset" name="reset" class="submit_btn float_r" />
</form>
and the contact-form-handler.php contains this code bellow to process the html form:
<?php
$to = 'info#jamesreborne.co.uk';
$to .= 'damgxx#gmail.com';
// Assigning data from the $_POST array to variables
$name = $_post['sender_name'];
$email = $_post['sender_email'];
$subject = $_post['sender_subject'];
$text = $_post['sender_text'];
// Construct email subject
$content = 'www.jamesreborne.co.uk Message from visitor ' . $name;
// Construct email body
$body_message = 'From: ' . $name . "\r\n";
$body_message .= 'E-mail: ' . $email. "\r\n";
$body_message .= 'Subject: ' . $subject . "\r\n";
$body_message .= 'Message: ' . $text;
// Construct email headers
$headers = 'From: ' . $email . "\r\n";
$headers .= 'Reply-To: ' . $email . "\r\n";
mail($to, $content, $body_message, $headers);
$mail_sent = mail($to, $content, $body_message, $headers);
if ($mail_sent == true){ ?>
<script language="javascript" type="text/javascript">
alert('Thank you for the message. We will contact you shortly.');
window.location = 'contact.html';
</script>
<?php }
else { ?>
<script language="javascript" type="text/javascript">
alert('Message not sent. Please, notify the site administrator info#jamesreborne.co.uk');
window.location = 'contact.html';
</script>
<?php
}
?>
if anyone can help that would be great, thanks
$subject = $_POST['subject'];
$text = $_POST['text'];
Also there is no form field for name and email. Add that.
There is also an error in the part where you set recipients' emails - they are not separated so the $to variable is info#jamesreborne.co.ukdamgxx#gmail.com. It should me more like this:
<?php
$to = 'info#jamesreborne.co.uk';
$to .= ', damgxx#gmail.com';
First your $to string adds two emails in wrong way,
it should be:
$to = 'info#jamesreborne.co.uk, ';
$to .= 'damgxx#gmail.com';
Even if you correct that you wont get subject and message value. AFAIK $_POST is case sensetive(please correct if wrong). So you will have to make it $_POST not $_post.
Then the names of the inputs in html form and in php code are not matching. They should be:
$name = $_POST['name'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$text = $_POST['text'];
If a input field in form is subject, then
$subject = $_POST['subject'];
NOT
$subject = $_POST['sender_subject'];
EDIT:
If you are still not getting email, then your server might not have mail server installed.
Install postfix and try.
I'm having a bit of an issue with PHP emailing from a HTML form. Can you guys help me? I'm getting the error in 'else' in the $sent variable.
The directories are made like this:
Site
--> HTML
--> webpage.html
--> PHP
--> emailform.php
The fact that it's finding the PHP file seems like that part's ok. I'm not sure what causes it to not send the email though. I'm using a free web host. Maybe this is the issue?
HTML:
<form method="post" action="../PHP/emailform.php" style="width:300px; float:left; margin-top: 50px;">
<div><div>
Navn: <input type="text" name="navn" style="float:right;"/>
</div><br /><div>
Telefonnummer: <input type="text" name="telefon" style="float:right;"/>
</div><br /><div>
Email: <input type="text" name="email" style="float:right;"/>
</div><br /><div>
Bosted: <input type="text" name="bosted" style="float:right;"/>
</div><br /><div>
iPhone-modell: <select name="iphonetype" style="float: right;">
<option value="iphone2G">iPhone 2G</option>
</select>
</div></div><br />
Reparasjoner:<div style="float:right; clear: both;">Bytte LCD/skjerm (1200,-)
<input type="checkbox" name="lcdglass" />
</div><div style="float:left; padding-top:12px;">
Andre kommentarer: <textarea name="kommentarer" cols="34" rows="3"></textarea>
</div><br /><div style="float: left; margin-top: 12px;">
<input type="submit" name="send" value="Send henvendelse" />
</div>
</form>
PHP:
<?php
$to = "email#gmail.com";
$subject = $_REQUEST['iphonetype'] . " reparasjon fra mysite.no";
$email = $_REQUEST['email'];
$message = "Navn: " . $_REQUEST['navn'] . "\nTelefonnummber: " . $_REQUEST['telefon'] . "\nBosted: " . $_REQUEST['bosted'] . "\nLCD/Glass " . $_REQUEST['lcdglass'] . "\nKommentarer: " . $_REQUEST['kommentarer'] . "\n\nMvh,\n" . $_REQUEST['navn'] . "\n" . $_REQUEST['telefon'];
$headers = "From: $email";
$sent = mail($to, $subject, $message, $headers) ; if($sent) {print "Takk. Din henvendelse er mottatt. Du kan fovente å få svar innen 24 timer."; } else {print "Dessverre oppstod det en feil. Kontakt email#gmail.com direkte for reparasjon."; }
?>
I really hope you guys can help me find the error. Thanks!
awardspace.com requires you to use one of your eMail-Accounts, otherwise their SMTP won't let you send mails.
See HERE:
$mymail = “youremail#account.com”;
$headers .= “From:Contact Form <$myemail>\r\n”;
$headers .= “Reply-To: $name <$email>\r\n”;
mail($mymail, $subject, $message ,$headers);
Try to use following headers:
$headers = "From: $email";
$header .= "MIME-Version: 1.0 ";
$header .= "Content-type: text/html \r\n";
I hope it will work.
I have a "tell a friend" pop up email form that allows users to share my page with an email address that they enter. It pops up fine, but I can't get the form to send the email.
html:
<div id="tellfriend">
Close
<form id='tellafriend_form' method="post" action="#sendMessage" name="tellafriend_form">
<label for="name">Your Name:</label>
<input type="text" id="name" name="name" />
<label for="to">Friend's email:</label>
<input type="text" id="to" name="to" />
<label for="subject">Subject:</label>
<input type="text" id="subject" name="subject" />
<label for="message">Message:</label>
<textarea id="message" name="message"></textarea>
<input type="submit" name="submit" value="Submit">
</form>
</div><!-- #tellfriend -->
javascript that handles the "pop up":
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js" type="text/javascript"></script>
<script>
$(function() {
$('#tellfriend').hide();
$('#sendMessage').click(function(e) {
$("#tellfriend").fadeToggle('fast');
});
});
</script>
php that's supposed to send the mail:
<?
if (isset($_POST['Submit'])) {
// This will check to see if the form has been submitted
$senders_name = $_POST['name'];
// The person who is submitting the form
$recipient_friend = $_POST['to'];
// The forms recipient
$subject = $_POST['subject'];
// The subject line
$message = $_POST['message'];
// The message being sent
mail($recipient_friend, "From $senders_name", $subject, $message);
if (isset($_POST['your_email'])) {
echo "<br>Your friend has been contacted <br><br>Thank you $senders_name";
}}
?>
Disclaimer: PHP newbie, hoping to learn. Thanks!
The order of your parameters in mail function is not correct. see this
it should be
mail($recipient_friend, $subject, $message);
if you want to use headers then do this
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'To: '.$recipient_friend.' <'.$recipient_friend.'>' . "\r\n";
$headers .= 'From: '.$sender.' <'.$senderEM.'>' . "\r\n";
Then call mail like this
mail($recipient_friend, $subject, $message, $headers);
You have one error in your PHP code:
if (isset($_POST['Submit'])) {
should be:
if (isset($_POST['submit'])) {
with a lowercase "s".
Indeed the name of you submit button is "submit" but the value is "Submit".
You could eventually do that:
if (isset($_POST['submit']) && $_POST['submit'] == 'Submit') {
And your mail parameters are not correct like boug said.
You have 2 errors
first:
if (isset($_POST['submit']))
// $_POST is case sensitive
second:
if (isset($_POST['your_email']))
// you dont have an inout named 'your_email'