Re: Web to Email FORM

["Bob Radvanovsky" <rsradvan () unixworks net>]

If you have PHP capabilities, try "formmail.php" (do a Googlesearch on that script), written by Jim Marshall -- awesome 
program.

-r

At Mon, 12 Sep 2005 18:14:57 -0400, you wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hello all,
>
> I'm trying to test a web to email form on a site I own.  I have one
> setup for an email list signup and the other as a refer form.  They
> were both setup for automatic emails and MySQL submission for the
> list, but I found out that may not be the best way to do it.
>
> My question is how do I test to see if the scripts I have now (which
> only send an email to me for manual action on them) are vulnerable to
> injection into the FROM and HEADER fields.
>
> Thanks.
>
> ~David
>
> - --
>
>
> David Dischler, Network +    http://www.dc-ws.com
> - -------------------------------------------------
> david.dischler () gmail com      PGP Fingerprint
> EDFA D2FF 1C28 37E0 2583 2AAF EEB3 A59F 970E 3CDD
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFDJf3h7rOln5cOPN0RArtgAJ9jtNAEzfaq9N0WOvyybOfz488H7wCeKamo
> wa5ahSSMphcundVYXyim6Gw=
> =1jJT
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner: 
>
> Hackers are concentrating their efforts on attacking applications on your 
> website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
> futile against web application hacking. Check your website for vulnerabilities 
> to SQL injection, Cross site scripting and other web attacks before hackers do! 
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------


Bob Radvanovsky, CISM, CIFI, REM, CIPS
[/unixworks] "knowledge squared is information shared"
rsradvan () unixworks com | http://www.unixworks.com
(630) 673-7740 [CELL] | (847) 519-5184 [PAGER] | (412) 774-0373 [FAX]


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------