[thelist] Mail script exploits WAS: Spam Cop??

Koutoulas, Pete PKOUTOUL at Fayette.k12.ky.us
Thu Feb 13 11:24:00 CST 2003


On Thursday, February 13, 2003 11:24 AM, Jeroen Sangers wrote:

> There are many ways a script can be exploited. I suggest that you
> read about the vulnarabilities in the famous FormMail script
> (www.monkeys.com/anti-spam/formmail-advisory.pdf) so you can decide
> whether one of these problems apply to your script.

I scanned that document, but as far as I can tell any of the exploits
mentioned only work because the Formmail script is designed to send mail to
an arbitrary address or list of addresses specified in hidden form fields.
As I mentioned, my very simple script has my email address hard-coded into
it. The way I see it, the worst thing that can happen is that I get the
occasional flood of blank messages from people messing around with the form.
I don't see how it could be exploited to send mail to any other address but
mine. Am I wrong?

    [ pete ]

This student or staff email originated from Fayette County Public Schools in
Lexington, KY.
Please report instances of abuse or inappropriate content to
postmaster at fcps.net




More information about the thelist mailing list