Quoting Lisa Bogar ([EMAIL PROTECTED]):
> www.8wire.com. Is anyone else familiar with this and have you encountered
> it? The logs show attacks targeted at the cgi-bin that sent out tons of
> porno spam.

Your formmail.pl is a security hazard. Not only does it allow the specification of arbitrary recipients by supplying the value which is usually in a hidden field (work around: remove this hidden field and specify the recipient in the code itself) but it also has a few nasty vulnerabilities in other areas.

-- 
Jonas M Luster -- d-fensive networks, Inc. -- http://www.d-fensive.com
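
The workaround described in the reply above, as an added example that is not part of the original message and is not code from formmail.pl. The function names, the placeholder address and the sample submissions are hypothetical and constructed for illustration. Once the hidden field is gone from the form, any request that still carries a recipient value is worth logging.

```perl
#!/usr/bin/perl
# Added illustration; NOT the real formmail.pl source. All names are hypothetical.
use strict;
use warnings;

# Workaround from the message: the recipient lives in the code, not in the form.
my $FIXED_RECIPIENT = 'webmaster@example.org';    # placeholder address

# "Before": trusts the hidden form field, so whoever submits the form
# decides where the server sends mail.
sub recipient_from_form {
    my ($form) = @_;
    return $form->{recipient};
}

# "After": ignores any client-supplied recipient and reports whether one
# was sent, so the caller can log the attempt.
sub recipient_fixed {
    my ($form) = @_;
    my $supplied = $form->{recipient};
    my $tampered = ( defined $supplied && length $supplied ) ? 1 : 0;
    return ( $FIXED_RECIPIENT, $tampered );
}

# Constructed sample submissions (field name => value).
my @submissions = (
    { name => 'Alice', message => 'Hello' },
    { name => 'x', recipient => 'a@example.net,b@example.net', message => 'bulk' },
);

for my $form (@submissions) {
    my ( $to, $tampered ) = recipient_fixed($form);
    my $unpatched = recipient_from_form($form) // '(none)';
    printf "to=%s tampered=%d unpatched_would_use=%s\n",
        $to, $tampered, $unpatched;
}
```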