On Thu, Mar 28, 2002 at 08:49:23PM -0800, Sidney Markowitz wrote:
| "dman" <[EMAIL PROTECTED]> said:
| > So I'm trying to exploit the script to make the site blacklist
| > itself at dsbl.org. I found a form on the site with the action
| > as "/cgi-bin/formmail.cgi".
|
| It's easy enough to find the details of the exploits of formmail.cgi
| version 1.9 and less using a Google search on the bugTraq mailing
| list archive, for example, but it isn't clear to me that it would do
| any good. The exploit lets you trick the cgi
| script into sending mail to the destination of your choice. But that
| isn't necessarily the same as what you have to do in order to get a
| mail server to send the properly formatted message to DSBL. Not just
| any message will get a mail server
| blacklisted.
The trick is to make the script put the data we want it to in the body
of the message :-).
I took a break from working on the script and read the DNS-Howto (and
chroot-BIND howto).
That site is already in my shiny new personal dnsbl.
Now to notify them via the script ...
-D
--
Be sure of this: The wicked will not go unpunished,
but those who are righteous will go free.
Proverbs 11:21
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
