There's a popular Perl script for processing web forms into emails. It has some checks to make sure it cannot be used to send spam, except that it didn't check enough.
The Subject form field can be exploited to send a spam message by sending a subject, followed by a \n and then the headers and body of a spam message. This has been fixed in this version. But the subtag field may still be used to exploit this script (maybe, I haven't tried it).
So, it pays to go over what you are posting on your webpage, especially if it was written by someone else.
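The kind of check the Subject field needed, applied to subtag as well, as an added example that is not code from the script itself. The function names, the "[subtag] subject" layout and the sample submissions are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the value if it is safe to place on a single header line,
# or undef if it contains CR, LF or any other control character
# (tab included, which keeps the rule simple).
sub safe_header_value {
    my ($value) = @_;
    return undef unless defined $value;
    # A \r or \n ends the header line, so whatever follows it would be
    # read by the mailer as further headers or as the message body.
    return undef if $value =~ /[\x00-\x1f\x7f]/;
    return $value;
}

# Build the Subject line from the two form fields the post mentions.
# Returns undef when either field fails validation, so the caller can
# refuse to send instead of silently stripping characters.
# Assumption: subtag is a short prefix placed in front of the subject.
sub build_subject {
    my (%form) = @_;
    my $subject = safe_header_value($form{subject} // '');
    my $subtag  = safe_header_value($form{subtag}  // '');
    return undef unless defined $subject && defined $subtag;
    return length $subtag
        ? "Subject: [$subtag] $subject"
        : "Subject: $subject";
}

# Constructed sample submissions: one clean, one with a newline in
# subject, one with CRLF in subtag.
my @samples = (
    { subject => 'Question about pricing',             subtag => 'web' },
    { subject => "Hello\nX-Injected: 1\n\nextra body", subtag => '' },
    { subject => 'Hello',                              subtag => "web\r\nX-Injected: 1" },
);

for my $form (@samples) {
    my $line = build_subject(%$form);
    print defined $line
        ? "accept: $line\n"
        : "reject: control character in a header field\n";
}
```

Every form value that ends up in a mail header (recipient, sender name, reply address and so on) should pass through the same check, not just the two fields shown here.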