[thelist] Mail script exploits WAS: Spam Cop??

patrick evolt at stoutstreet.com
Thu Feb 13 11:31:01 CST 2003

----- Original Message -----
From: "Koutoulas, Pete" <PKOUTOUL at Fayette.k12.ky.us>
To: <thelist at lists.evolt.org>
Sent: Thursday, February 13, 2003 10:19 am
Subject: [thelist] Mail script exploits WAS: Spam Cop??

> On Thursday, February 13, 2003 11:24 AM, Jeroen Sangers wrote:
> > There are many ways a script can be exploited. I suggest that you
> > read about the vulnarabilities in the famous FormMail script
> > (www.monkeys.com/anti-spam/formmail-advisory.pdf) so you can decide
> > whether one of these problems apply to your script.
> I scanned that document, but as far as I can tell any of the exploits
> mentioned only work because the Formmail script is designed to send mail
> an arbitrary address or list of addresses specified in hidden form fields.
> As I mentioned, my very simple script has my email address hard-coded into
> it. The way I see it, the worst thing that can happen is that I get the
> occasional flood of blank messages from people messing around with the
> I don't see how it could be exploited to send mail to any other address
> mine. Am I wrong?

Have you followed these tips?

Disabling GET, especially.

More information about the thelist mailing list