Re: Web to Email FORM

From: Bob Radvanovsky (rsradvan@unixworks.net)
Date: Wed Sep 14 2005 - 19:57:13 EDT


If you have PHP capabilities, try "formmail.php" (do a Google search on that script), written by Jim Marshall -- awesome program.

-r

At Mon, 12 Sep 2005 18:14:57 -0400, you wrote:
>
>hello all,
>
>I'm trying to test a web to email form on a site I own. I have one
>set up for an email list signup and the other as a refer form. They
>were both set up for automatic emails and MySQL submission for the
>list, but I found out that may not be the best way to do it.
>
>My question is how do I test to see if the scripts I have now (which
>only send an email to me for manual action on them) are vulnerable to
>injection into the FROM and HEADER fields.
>
>Thanks.
>
>~David
>
>- --
>
>
>David Dischler, Network + http://www.dc-ws.com
>- -------------------------------------------------
>david.dischler@gmail.com PGP Fingerprint
>EDFA D2FF 1C28 37E0 2583 2AAF EEB3 A59F 970E 3CDD
>
>------------------------------------------------------------------------------
>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on your
>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>futile against web application hacking. Check your website for vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before hackers do!
>Download Trial at:
>
>http://www.securityfocus.com/sponsor/pen-test_050831
>-------------------------------------------------------------------------------

Bob Radvanovsky, CISM, CIFI, REM, CIPS
[/unixworks] "knowledge squared is information shared"
rsradvan@unixworks.com | http://www.unixworks.com
(630) 673-7740 [CELL] | (847) 519-5184 [PAGER] | (412) 774-0373 [FAX]



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:54 EDT