Is anyone on the list using "formmail" CGI script on their RH Apache implementations?
Marty Landman
MLandman at face2interface.com
Wed Jan 26 15:50:51 UTC 2005
At 09:59 AM 1/26/2005, Jason Dixon wrote:
>I don't use FormMail.pl. As best I recall, it has had a history of
>security holes.
I believe the major problem is when you specify the recipient on a hidden
form field. This makes a script available for hijacking to send spam from;
stealing the webmaster's bandwidth and damaging their reputation. Or worse
than that...
Marty
Marty Landman, Face 2 Interface Inc. 845-679-9387
Search & Sort Easily: http://face2interface.com/Products/FormATable.shtml
Web Installed Formmail: http://face2interface.com/formINSTal
More information about the redhat-list
mailing list