Zend PHP 5.3 Certification Exam
Functions and Arrays
Object Oriented Programming
Data Format & Types
Strings and Patterns
Databases and SQL
Web Features 1
Which of the following is a PHP script vulnerability of the mail() function that can occur in Internet applications that are used to send email messages?
Answer option D is correct.
Email injection is a PHP script vulnerability of the mail() function that can occur in Internet applications that are used to send email messages. When a form is added to a web page that submits data to a web application, a malicious user may exploit the MIME format to append additional information to the message being sent, such as a new list of recipients or a completely different message body.
Because the MIME format uses a carriage return to delimit the information in a message, and only the raw message determines its eventual destination, adding carriage returns to submitted form data can allow a simple guestbook to be used to send thousands of messages at once. A malicious spammer could use this tactic to send large numbers of messages anonymously.
Email injection is a security vulnerability of mail() function that can occur in internet applications.
Answer option C is incorrect. SQL injection refers to attack on database without your knowledge.
Answer option B is incorrect. Email Bomber sends unlimited amount of mails to the target.
Answer option A is incorrect. Email Scheduler script can send lots of emails at a particular time.
© 2013 Zend PHP Certification Exam