On 4/14/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
* Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 16:43]:
> 1. Fixing the code is impossible :-( I already tried it, the developers
> keep saying that their code is sound and safe. I've shown logs and
> statistics to the bosses of the company that owns the webapp, but the
> only response I got was: "fix it" (they aren't making the connection
> between the webapp and the spam emails). The only thing I can do to
> prove my point is exploit the webapp in front of them, but I don't know
> how to do that.

then you should obviously find out how to do the latter.

you cannot fix this problem without fixing the buggy application.

A word of caution: Don't get yourself fired in the process.
Be very certain that you have written approval to "break in"
when you demonstrate how the webapp can be misused
by spammers.

--
Eke Nordin, moose (a) {stacken.kth|enting|netia} (o) se
