On Mon, Sep 23, 2002 at 04:10:48PM -0400, Theo Van Dinter wrote:
> Yes, but that wasn't the question. ;) I know about formmail.cgi's
> security holes, but I've never seen one where the message comes first,
> then a blank "your message below" area.
>
> I wasn't sure if there was a section in for
Theo Van Dinter said:
> Has anyone else seen something like this? There's a spam message,
> followed by the standard formmail bit:
Sounds like some spammer read the advisory I cowrote, a few months ago.
There's lots more vulnerabilities like this one.
(Summary: any version of FormMail that is
On Mon, Sep 23, 2002 at 03:38:10PM -0400, Jason Kohles wrote:
> person using the script intended. This way they can send all the spam
> they want that can only be traced back as far as the web server that has
> formmail.cgi installed.
Yes, but that wasn't the question. ;) I know about formmail.
On Mon, 2002-09-23 at 14:33, Theo Van Dinter wrote:
> Has anyone else seen something like this? There's a spam message,
> followed by the standard formmail bit:
>
There are literally thousands of formmail.cgi installations that are
installed with no security, anybody with a knowledge of cgi scri
Has anyone else seen something like this? There's a spam message,
followed by the standard formmail bit:
Below is the result of your feedback form. It was submitted by
Connie Hoang ([EMAIL PROTECTED]) on Monday, September 23, 2002 at 14:27:22
