<?php $testData = [ // this is the demo email used in the proof of concept of the exploit '"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com', // trying more adresses '"Attacker -Param2 -Param3"@test.com', '\'Attacker -Param2 -Param3\'@test.com', '"Attacker \" -Param2 -Param3"@test.com', "'Attacker \\' -Param2 -Param3'@test.com", '"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com', // and even more variants '"attacker\"\ -oQ/tmp/\ -X/var/www/cache/phpcode.php"@email.com', "\"attacker\\\"\0-oQ/tmp/\0-X/var/www/cache/phpcode.php\"@email.com", '"attacker@cebe.cc\"-Xbeep"@email.com', "'attacker\\' -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com", "'attacker\\\\' -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com", "'attacker\\\\'\\ -oQ/tmp/ -X/var/www/cache/phpcode.php'@email.com", "'attacker\\';touch /tmp/hackme'@email.com", "'attacker\\\\';touch /tmp/hackme'@email.com", "'attacker\\';touch/tmp/hackme'@email.com", "'attacker\\\\';touch/tmp/hackme'@email.com", '"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com', ]; foreach ($testData as $email) { echo "$email: " . (filter_var($email, FILTER_VALIDATE_EMAIL) ? 'Valid' : 'Invalid') . "\n"; }
You have javascript disabled. You will not be able to edit any code.