[thelist] Mail script exploits WAS: Spam Cop??

patrick evolt at stoutstreet.com
Thu Feb 13 11:31:01 CST 2003


----- Original Message -----
From: "Koutoulas, Pete" <PKOUTOUL at Fayette.k12.ky.us>
To: <thelist at lists.evolt.org>
Sent: Thursday, February 13, 2003 10:19 am
Subject: [thelist] Mail script exploits WAS: Spam Cop??


> On Thursday, February 13, 2003 11:24 AM, Jeroen Sangers wrote:
>
> > There are many ways a script can be exploited. I suggest that you
> > read about the vulnerabilities in the famous FormMail script
> > (www.monkeys.com/anti-spam/formmail-advisory.pdf) so you can decide
> > whether one of these problems applies to your script.
>
> I scanned that document, but as far as I can tell any of the exploits
> mentioned only work because the Formmail script is designed to send mail
> to an arbitrary address or list of addresses specified in hidden form
> fields. As I mentioned, my very simple script has my email address
> hard-coded into it. The way I see it, the worst thing that can happen is
> that I get the occasional flood of blank messages from people messing
> around with the form. I don't see how it could be exploited to send mail
> to any other address but mine. Am I wrong?
>

Have you followed these tips?
http://www.mailvalley.com/formmail/

Disabling GET, especially.
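
An added example, not part of the thread and not Pete's script or FormMail: a small Python WSGI handler for the setup discussed above, with the recipient hard-coded and GET refused. The address, the `comments` field name and the size cap are assumptions made for illustration.

```python
from email.message import EmailMessage
from urllib.parse import parse_qs

RECIPIENT = "webmaster@example.org"  # assumption: fixed in code, never taken from the request
MAX_BODY = 8192                      # assumption: upper bound on accepted form size


def build_mail(environ):
    """Return (status, EmailMessage or None) for one WSGI request."""
    # Only POST is accepted; the query string is never read.
    if environ.get("REQUEST_METHOD") != "POST":
        return "405 Method Not Allowed", None
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        return "400 Bad Request", None
    if length <= 0 or length > MAX_BODY:
        return "400 Bad Request", None

    raw = environ["wsgi.input"].read(length).decode("utf-8", "replace")
    form = parse_qs(raw)  # blank values are dropped by default

    # Only the expected field is read. A "recipient" field, hidden or
    # otherwise, is ignored because nothing below looks it up.
    comments = form.get("comments", [""])[0].strip()
    if not comments:
        return "400 Bad Request", None  # blank submissions are not mailed

    msg = EmailMessage()
    msg["To"] = RECIPIENT            # every header is a constant
    msg["From"] = RECIPIENT
    msg["Subject"] = "Site feedback"
    msg.set_content(comments)        # visitor input reaches the body only
    return "200 OK", msg


def app(environ, start_response):
    """WSGI entry point; delivery to the local MTA is left to the caller."""
    status, msg = build_mail(environ)
    headers = [("Content-Type", "text/plain")]
    if status.startswith("405"):
        headers.append(("Allow", "POST"))
    start_response(status, headers)
    return [status.encode("ascii")]
```
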



