Home/ Questions/Q 6018045
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T03:13:02+00:00

We have a simple php file that captures emails. It drops these emails into

  • 0

We have a simple php file that captures emails. It drops these emails into a csv file (which is not executable by php). We recently had someone who managed to hack our site and this seemed like one of the entry points, but I don’t see how it’s possible. Here’s the script:

$fh = fopen('cap.csv', 'a+');
fwrite($fh, "\r".$_GET['email']);
fclose($fh);

Pretty basic right? Is there anyway you can think of to exploit this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes, but probably not what you are looking for.

    The only things I could do are:

    1. Add anything to your file, append only.
    2. (optional/bonus) Open the file directly if you haven’t secured it and steal all e-mail addresses.

    It won’t allow me to execute anything, or gain access to anything though. (Unless you process it and cause an leak somewhere else). But still – make this secure!

    • 0