Re: php imap

[Pierre Jaury <pierre () jaury eu>]

Depends on the goal of your application and restriction supposed to be
applied to users. This could pretty much lead to accomplish any
operation made available by the IMAP server.

Even worse : your application could be used as bouncer for any other
protocol as long as first sent IMAP commands do not interfere.

We need more information about your context and needs to evaluate
possible attacks. But yes, this could definitely lead to something.

On Sat, 2011-12-10 at 18:50 +0100, lifel0ver t0mh3t wrote: 
> hi guys!
>
> im infront of an application that communicates over IMAP with a remote 
> server.
> this works simply with fsockopen()
> the applications tries to authenticate then (sending unfiltered input)
>
> could this lead to anything?
> i cant come up with anything
>
> thanks!
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

-- 
Pierre Jaury <pierre () jaury eu> +33(0)1.83.64.80.90
Réalisateur, hébergeur et infogéreur indépendant
Internet hosting, outsourcing and development as a freelancer

Attachment: signature.asc
Description: This is a digitally signed message part