Home page logo

pen-test logo Penetration Testing mailing list archives

Web to Email FORM
From: David Dischler <david.dischler () gmail com>
Date: Mon, 12 Sep 2005 18:14:57 -0400

Hash: SHA1
hello all,

I'm trying to test a web to email form on a site I own.  I have one
setup for an email list signup and the other as a refer form.  They
were both setup for automatic emails and MySQL submission for the
list, but I found out that may not be the best way to do it.

My question is how do I test to see if the scripts I have now (which
only send an email to me for manual action on them) are vulnerable to
injection into the FROM and HEADER fields.



- --

David Dischler, Network +    http://www.dc-ws.com
- -------------------------------------------------
david.dischler () gmail com      PGP Fingerprint
EDFA D2FF 1C28 37E0 2583 2AAF EEB3 A59F 970E 3CDD
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:


  By Date           By Thread  

Current thread:
  • Web to Email FORM David Dischler (Sep 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]