Penetration Testing mailing list archives
Re: Web to Email FORM
From: "Bob Radvanovsky" <rsradvan () unixworks net>
Date: Wed, 14 Sep 2005 18:57:13 -0500
If you have PHP capabilities, try "formmail.php" (do a Google search on that script), written by Jim Marshall -- awesome program.

-r

At Mon, 12 Sep 2005 18:14:57 -0400, you wrote:
Hello all,

I'm trying to test a web to email form on a site I own. I have one set up for an email list signup and the other as a refer form. They were both set up for automatic emails and MySQL submission for the list, but I found out that may not be the best way to do it. My question is how do I test to see if the scripts I have now (which only send an email to me for manual action on them) are vulnerable to injection into the FROM and HEADER fields.

Thanks.
~David

--
David Dischler, Network +
http://www.dc-ws.com
-------------------------------------------------
david.dischler () gmail com
PGP Fingerprint EDFA D2FF 1C28 37E0 2583 2AAF EEB3 A59F 970E 3CDD

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Bob Radvanovsky, CISM, CIFI, REM, CIPS [/unixworks]
"knowledge squared is information shared"
rsradvan () unixworks com | http://www.unixworks.com
(630) 673-7740 [CELL] | (847) 519-5184 [PAGER] | (412) 774-0373 [FAX]
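
An added example, not from either poster and not taken from formmail.php: a server-side check for the FROM/header injection concern raised in the question, run over constructed submissions. The field names (`email`, `subject`, `message`) and the example.org addresses are assumptions.

```python
import re
from email.message import EmailMessage

# Form fields that end up in message headers (assumed names).
HEADER_FIELDS = ("email", "subject")
# CR, LF and the other separators that str.splitlines() treats as line breaks.
LINE_BREAK = re.compile(r"[\r\n\x0b\x0c\x1c\x1d\x1e\x85\u2028\u2029]")
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def unsafe_fields(form):
    """Return the header-bound fields whose values could add or split a header."""
    bad = [f for f in HEADER_FIELDS if LINE_BREAK.search(form.get(f, ""))]
    if "email" not in bad and not ADDRESS.fullmatch(form.get("email", "")):
        bad.append("email")
    return bad

def build_message(form, recipient="owner@example.org"):
    """Build the notification mail; refuse any submission that fails the check."""
    bad = unsafe_fields(form)
    if bad:
        raise ValueError("rejected header fields: " + ", ".join(bad))
    msg = EmailMessage()
    msg["To"] = recipient                 # fixed by the site owner, never from the form
    msg["From"] = "webform@example.org"   # fixed sender; the visitor goes in Reply-To
    msg["Reply-To"] = form["email"]
    msg["Subject"] = form["subject"]
    msg.set_content(form.get("message", ""))  # body text may contain newlines
    return msg

# Constructed submissions used as regression cases for the form handler.
SAMPLES = {
    "clean": {"email": "visitor@example.com", "subject": "List signup",
              "message": "Please add me.\nThanks."},
    "extra_header": {"email": "visitor@example.com\r\nBcc: other@example.net",
                     "subject": "hi", "message": "x"},
    "bare_lf_subject": {"email": "visitor@example.com",
                        "subject": "hi\nX-Added: 1", "message": "x"},
}

if __name__ == "__main__":
    for name, form in SAMPLES.items():
        print(name, "->", unsafe_fields(form) or "ok")
```

The same cases can be submitted through the live form on a site you own; the received mail should carry no header that the script did not set itself.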