Check website forms for header-injection vulnerability and make them secure.
The website was searched by the provider and found vulnerable to header injection (not specified). The scope is limited: there are only 4 forms where header information is collected (8 because the site is bilingual, but the changes will be the same for both). 3 of these forms collect email addresses for 2 different newsletters (1 form is the same on different pages); another form collects a recipient name and subject for sending ecards.
I think the job will be to remove the line feeds and carriage returns in the posted header info or take other needed measures. This job is urgent because sending emails from the webserver is no longer possible until the forms are fixed (I have to specify the actions taken).
If the job is accepted I will give the URL of the website and send the directories in which the forms are located. I will indicate where the email send functions are, but please check for yourself because I'm not an experienced coder. Then please check and repair and document the changes. I will implement the changes on the site and notify the provider. If the provider's tests are passed I will pay.
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
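The fix requested in the job description above, sketched as an added example (not code from the site or the poster): every form value that ends up in a mail header is checked for carriage returns, line feeds and other control characters before the message is built. The posting does not name the site's language, so Python is an assumption, as are the function names, the conservative address pattern, the recipient address field and the choice to reject a bad value rather than strip it.

```python
import re
from email.message import EmailMessage
from email.utils import formataddr

# CR, LF and every other ASCII control character, plus Unicode line separators.
_CTRL = re.compile(r"[\x00-\x1f\x7f\u0085\u2028\u2029]")
# Deliberately conservative address pattern (assumption, not full RFC 5322).
_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

class HeaderInjectionError(ValueError):
    """A form value contained characters that could start a new header line."""

def clean_header(field, value, max_len=200):
    """Validate one single-line form value destined for a mail header."""
    if _CTRL.search(value):  # check the raw value, before any trimming
        raise HeaderInjectionError(f"{field}: control character in header value")
    value = value.strip()
    if not value or len(value) > max_len:
        raise ValueError(f"{field}: empty or too long")
    return value

def clean_address(field, value):
    """Validate an email address (newsletter signup or ecard recipient)."""
    value = clean_header(field, value, max_len=254)
    # fullmatch, not match() with "$": "$" also matches before a trailing "\n".
    if not _ADDR.fullmatch(value):
        raise ValueError(f"{field}: not a valid address")
    return value

def build_ecard(site_addr, recipient_name, recipient_addr, subject, body):
    """Build the ecard mail; only validated values reach the headers."""
    msg = EmailMessage()
    msg["From"] = site_addr  # fixed site address, never taken from the form
    msg["To"] = formataddr((clean_header("recipient_name", recipient_name),
                            clean_address("recipient_addr", recipient_addr)))
    msg["Subject"] = clean_header("subject", subject)
    msg.set_content(body)  # the body is not a header; line breaks are fine here
    return msg

if __name__ == "__main__":
    # Constructed sample input: a normal submission and a subject carrying CRLF.
    print(build_ecard("cards@example.org", "Anna Muster", "anna@example.org",
                      "Greetings", "Hello Anna"))
    try:
        clean_header("subject", "Greetings\r\nBcc: list@example.net")
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

The same `clean_address` check applies to the three newsletter forms. Logging each rejected submission gives a record of the actions taken that can be reported back to the provider.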