AFAIK there is only a vulnerability within the HEADERS of an email when using user data, correct?
I am using the below function to sanitize my data, however I have so
Something that might also happen is a dynamic MIME change. When we send mail, we usually define Content-Type in our script, for example:
Content-type: text/html;charset=UTF-8
The catch is - the "Content-Type" header can be re-defined as multipart/mixed (or multipart/alternative or multipart/related), even though it was previously defined.
Example - imagine that someone types this into the email body field on your contact page:
haxor@attack.com%0AContent-Type:multipart/mixed;%20boundary=frog;%0A--frog%0AContent-Type:text/html%0A%0AMy%20Message.%0A--frog--
What this will do - when the user receives this message, he'll only see the spammer's message (the one delimited by "--frog"), as per the MIME multipart/mixed specification. The original "contact" message that the developer perhaps hardcoded will be inside the email as well, but will not be displayed to the recipient.
This way spammers can send spam from other people's domains, especially if it's some sort of "send it to your friend" form.
Also - when filtering mail headers, I use this (a bit shorter, I guess, than what you have there):
$text = preg_replace( '/\s+/', "", $text ); // strips every whitespace character, including the CR/LF needed to start a new header line
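As an added example (not code from the question or from the answer above), here is the injection described in this answer replayed end to end. Python is used instead of PHP because its standard `email` package is a real MIME parser, so it shows what a mail client would actually render; the recipient address, subject and form body are constructed for the example, and `has_header_injection` is a hypothetical check written here, not part of the original post:

```python
"""Replay of the Content-Type override described in the answer.

Added example, not code from the original post. The sender/recipient
addresses, subject and form body are constructed sample data.
"""
import re
from email import message_from_string
from urllib.parse import unquote

# The exact payload quoted in the answer, URL-decoded the way the web server
# would decode it before the script sees it (%0A becomes a bare line feed).
INJECTED_FROM = unquote(
    "haxor@attack.com%0AContent-Type:multipart/mixed;%20boundary=frog;"
    "%0A--frog%0AContent-Type:text/html%0A%0AMy%20Message.%0A--frog--"
)
LEGIT_FROM = "alice@example.org"                     # constructed
FORM_BODY = "<p>Hello, this is the contact form text the developer expects.</p>"  # constructed


def build_raw_message(sender: str, body: str) -> str:
    """Assemble the message the way a naive mail() wrapper does: user input is
    concatenated straight into the header block, and the script's own
    Content-Type is appended afterwards."""
    headers = [
        "To: owner@example.com",          # constructed recipient
        "Subject: Contact form",
        f"From: {sender}",
        "MIME-Version: 1.0",
        "Content-Type: text/html; charset=UTF-8",
    ]
    return "\n".join(headers) + "\n\n" + body


def rendered_view(raw: str) -> dict:
    """Parse like a mail client. Returns the effective top-level content type,
    the part bodies a client would display, and whatever lands in the MIME
    epilogue, which clients do not display."""
    msg = message_from_string(raw)
    if msg.is_multipart():
        shown = [part.get_payload().strip() for part in msg.get_payload()]
    else:
        shown = [msg.get_payload().strip()]
    return {
        "content_type": msg.get_content_type(),
        "shown": shown,
        "epilogue": (msg.epilogue or "").strip(),
    }


def has_header_injection(value: str) -> bool:
    """Hypothetical check: a header value may never contain CR or LF, because
    that is what ends one header line and starts the next."""
    return re.search(r"[\r\n]", value) is not None


def strip_all_whitespace(value: str) -> str:
    """Python equivalent of the answer's preg_replace('/\\s+/', '', $text).
    It also removes the line breaks, so it blocks this payload, at the price of
    removing every space (e.g. between a display name and <address>)."""
    return re.sub(r"\s+", "", value)


if __name__ == "__main__":
    attacked = rendered_view(build_raw_message(INJECTED_FROM, FORM_BODY))
    print("effective type:", attacked["content_type"])   # multipart/mixed
    print("client shows:", attacked["shown"])             # only the spammer's part
    print("hidden in epilogue:", FORM_BODY in attacked["epilogue"])
    print("rejected by check:", has_header_injection(INJECTED_FROM))
```

The `From:` value first terminates its own line, then supplies a new `Content-Type: multipart/mixed` with boundary `frog` and a complete part; the script's later `Content-Type: text/html` and the real form body end up after the closing `--frog--` delimiter, i.e. in the epilogue that mail clients never render. Rejecting any CR/LF in a header value stops the whole class of attack, whichever header or MIME structure is being injected.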