EmailSender / submit.php
0xRoM on 8 Sep 2023 3 KB first commit

// Define the known MD5 hash for the password
$knownPasswordHash = '098f6bcd4621d373cade4e832627b4f6'; // test == 098f6bcd4621d373cade4e832627b4f6
$uploadDirectory = 'uploads/'; // Replace with your desired upload directory

// Check if the request is a POST request and the password is provided
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['pass'])) {
    // Get the password from the form data
    $password = $_POST['pass'];

    // Verify the password against the known MD5 hash
    if (md5($password) === $knownPasswordHash) {
        // Check if the required fields are set
        $requiredFields = ['from_email', 'to_email', 'subject', 'plaintext_content'];
        $missingFields = [];

        foreach ($requiredFields as $field) {
            if (!isset($_POST[$field]) || empty($_POST[$field])) {
                $missingFields[] = $field;

        // If there are missing required fields, return an error message
        if (!empty($missingFields)) {
            echo "Mising required data (from email, to email, subject and plaintext content) ";
        } else {
            // All checks passed, proceed to send the email
            $fromEmail = $_POST['from_email'];
            $toEmail = $_POST['to_email'];
            $message = $_POST['plaintext_content'];
            $subject = $_POST['subject'];

            if (isset($_POST['html_content'])) {
                $htmlContent = $_POST['html_content'];
                $mail = new Mail($toEmail, $fromEmail, $subject, $message, $htmlContent);
                $mail = new Mail($toEmail, $fromEmail, $subject, $message, $htmlContent);

            // Additional processing for dynamic headers (if present)
            foreach ($_POST as $key => $value) {
                if (strpos($key, 'header_name_') === 0) {
                    $id = substr($key, strlen('header_name_'));
                    $headerName = $value;
                    $headerValueKey = 'header_value_' . $id;
                    if (isset($_POST[$headerValueKey])) {
                        $headerValue = $_POST[$headerValueKey];
                        $mail->add_header($headerName.": ".$headerValue);

            // Check if an attachment is provided
            if (isset($_FILES['attachment']) && $_FILES['attachment']['error'] === 0) {
                // Handle the uploaded file
                $uploadedFile = $_FILES['attachment'];
                $uploadedFilePath = $uploadDirectory . $uploadedFile['name'];

                // Move the uploaded file to the desired directory
                if (move_uploaded_file($uploadedFile['tmp_name'], $uploadedFilePath)) {
                    // Add the attachment to the email
                } else {
                    echo "Failed to upload the attachment.";

            // Send the email
            if ($mail->send()) {
                echo "Success";
            } else {
                echo "Failed to send the email.";
    } else {
        echo "Invalid password.";
} else {
    echo "Invalid request.";