On Mon, Sep 23, 2002 at 04:10:48PM -0400, Theo Van Dinter wrote: > Yes, but that wasn't the question. ;) I know about formmail.cgi's > security holes, but I've never seen one where the message comes first, > then a blank "your message below" area. > > I wasn't sure if there was a section in formmail.cgi that lets you > specify a preamble to the message, or if they're, for whatever reason, > trying to forge a formmail.cgi looking mail.
Read the paper by RFG and Jason ... Specifically, the spammer can put the spam inside one of the header lines, which will lead to the result you have described. There might be some residuals at the start of the body. Jost -- | [EMAIL PROTECTED] Please help stamp out spam! | | Postmaster, JAPH, resident answer machine am RZ der RUB | | Pluralitas non est ponenda sine necessitate | | William of Ockham (1285-1347/49) |
msg08054/pgp00000.pgp
Description: PGP signature
