To reply to all of these messages... Patching FormMail to check the referrer
is NOT ample security. It takes about 30 seconds to write a Perl script to
POST to FormMail.pl with a faked HTTP_REFERRER field.
Probably the only useful solution is to hack the script to use an array of
valid email
Yeah, we actually had an incident of that long ago on our webservers; seems
a few people know about it. The problem is two-fold:
1) The FormMail program uses a referrer array as the ONLY security check
for calls to the program (which can be REALLY easily faked).
2) It allows the recipient
ell.
http://www.microsoft.com/%3CIMG%20SRC=javascript:alert(%34window.location:%34%43window.location)%3E.ida
This link, while it seems to work insofar as you can go to the
correct link, the JavaScript doesn't get executed on this copy of
Netscape 4.7.
-Scott Buchanan
Axe Communications