On Wed, Feb 15, 2006 at 08:54:59AM -0600, Jim McCullars wrote:
> > It's an old and well-known exploit. You can find a secure replacement for
> > the old Formmail here:
> 
>    I may not have been as clear about this as I should have been.  This
> was not an exploit against the FormMail script from Matt's Script Archive.
> It was something called PHP FormMail Generator (which in spite of its name

This attack uses (some of) the same bugs as exploited in the FormMail.pl
script from Matt's Script Archive, but this is a completely new variety
because spammers are actively searching for exploitable formmail scripts
in any language, by automatically trying each script and inserting fake
headers in each successive form field, and seeing which ones are
susceptible to the attack, and in which way.

I've seen it happening since about September last year.

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
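
The probing described in the reply above (fake headers placed in each form field in turn) can be spotted and blocked on the receiving side. The following is an added example, not part of the original message or of any FormMail script; the field names, addresses and sample submissions are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Form fields whose values are copied into mail headers (assumed form layout).
HEADER_FIELDS = ("name", "email", "subject")

# Header names a spam relay attempt typically tries to smuggle in.
MAIL_HEADERS = {"to", "cc", "bcc", "from", "subject", "content-type", "mime-version"}

# A line break followed by something shaped like "Header-Name:".
INJECTED = re.compile(r"[\r\n]+\s*([A-Za-z][A-Za-z0-9-]*)\s*:")


def find_injection(form):
    """Return {field: [header names]} for each field carrying a fake mail header."""
    hits = {}
    for field, value in form.items():
        names = [n.lower() for n in INJECTED.findall(value)]
        names = [n for n in names if n in MAIL_HEADERS]
        if names:
            hits[field] = names
    return hits


def build_message(form, recipient):
    """Build the mail, refusing any CR or LF in a value bound for a header."""
    for field in HEADER_FIELDS:
        if re.search(r"[\r\n]", form.get(field, "")):
            raise ValueError(f"line break in header field {field!r}")
    msg = EmailMessage()
    msg["To"] = recipient                  # fixed by the site, never from the form
    msg["From"] = "webform@example.org"    # constructed address
    msg["Reply-To"] = form["email"]
    msg["Subject"] = form["subject"]
    msg.set_content(form["message"])       # line breaks in the body are harmless
    return msg


# Constructed sample data: one clean submission, then the same fake-header
# payload moved through each field in turn, as the probing does.
PROBE = "x@example.com\r\nBcc: probe@example.net\r\nContent-Type: text/plain"
CLEAN = {"name": "Alice", "email": "alice@example.com",
         "subject": "Hi", "message": "Line 1\nLine 2"}
SAMPLES = [dict(CLEAN, **{f: PROBE}) for f in ("name", "email", "subject", "message")]

if __name__ == "__main__":
    for form in SAMPLES:
        print(find_injection(form))
```

A payload that lands in the message body is still worth logging as a probe, but it cannot add headers because the body is never written into the header block.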
