RE: [cobalt-users] FormMail Advice



> Matt gave me this link: http://www.scriptarchive.com/nms.html
>
> As for FormMail.pl 1.92, what specifically is wrong security wise in a
> nutshell? He is asking me what you think the problems are that haven't
> been addressed.
> 
If it's newer than the one posted here:
http://groups.google.com/groups?selm=5bd5b7e0.0205102339.5484e7c9%40posting.google.com&output=gplain
then it should be called 1.93. If it's 1.92, apparently it's still open
to abuse.
Jeff has another version 1.92s at ftp://ftp.nobaloney.net/. AFAIK, it
hasn't been hacked.

Personally, I still use a modified version of the old version, but the
recipient is hard coded into it, so any attempt to forge the recipient=
in a URL won't work.

-- 
Dan Kriwitsky
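
The hard-coded recipient approach described in the message above, sketched as an added example (not part of the original post and not code from any FormMail release). The address, the function names and the sample query string are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration, not FormMail.pl itself: the recipient is fixed in the
# script, so a recipient= value in the URL or form body is never used.
use strict;
use warnings;

# Assumption: placeholder address, set once by the site owner.
my $RECIPIENT = 'webmaster@example.com';

# Decode an application/x-www-form-urlencoded string into a hash.
sub parse_query {
    my ($qs) = @_;
    my %f;
    for my $pair (split /[&;]/, $qs // '') {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v //= '';
        for ($k, $v) {
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        }
        $f{$k} = $v;
    }
    return %f;
}

# Build the message. Only the body comes from the request; To: never does.
sub build_mail {
    my (%f) = @_;
    my $forged = delete $f{recipient};    # discard whatever the client sent
    warn "ignored client-supplied recipient\n" if defined $forged;
    my $body = join '', map { "$_: $f{$_}\n" } sort keys %f;
    return (to => $RECIPIENT, body => $body, forged => $forged);
}

# Constructed sample request carrying a forged recipient= parameter.
my %mail = build_mail(parse_query(
    'recipient=someone%40example.net&name=Test&comments=hello+there'));

# The To: line is always the fixed address, whatever the request contained.
print "To: $mail{to}\n\n$mail{body}";
```

The discarded value is returned in `forged` so the caller can log it as a sign of attempted relay abuse.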