|
Security Issue April 22, 2002
Updated: April 24, 2002
Version 1.9 of Matt's formmail.pl script, contained a fix for a security problem that was being used by spammers to send UBE via the script. However the fix did not really address the problem it just made it harder to exploit. I have patched the formmail.pl script and you can download it here:
Download formmail.pl - Patched for Recipient Vulnerability
formmail.pl quick documentation
formmail.pl is a CGI that processes generic HTML form data by processing it and sending it to an Internet email address.
The quick method of setting up the formmail.pl.
<form action="http://www.example.com/cgi-bin/formmail.pl" method=post>
Required:
<input type=hidden name="recipient" value="support@emergence.com">
Optional:
<input type=hidden name="subject" value="Your Subject">
<input type=text name="email">
Complete documentation is available at:
Matt's Script Archive
Example:
<form action="http://www.emergence.com/cgi-bin/formmail.pl" method=post>
<input type=hidden name="email" value="test@emergence.com">
<input type=hidden name="subject" value="Test Example">
Enter your name here: <input type=name name="name">
Enter your e-mail address here: <input type=name name="recipient">
<input type=submit value="Go!">
</form>
|
