WebApp Sec: Re: "Nigerian" SPAM uses vulnerability in web applications?

Re: "Nigerian" SPAM uses vulnerability in web applications?

From: Saqib Ali <docbook.xml_at_gmail.com>
Date: Tue, 12 Jul 2005 20:18:55 -0700

> Today I received several spam reports and I guess they are sent
> through compromised web application of one of our customers.
> The fact is I can't figure out anything from the message headers, also
> from X-abuse headers except the exact time and my IP address.
> There is no strange traffic/cpu activity at that time and I don't find
> any "strange-looking" records in apache access and error logs.
> The email message contains the following text:
> ---------------------------------------------

I can't say much about this till I see the original headers. I have
received Nigerian scam emails from all sources, even web forms that
have been implemented in an insecure fashion.

In my web-based email forms, I always include the IP address of the
client making the HTTP POST/GET request. This way I can at least get
the IP address of the attacker.

Also, use only POST for all web-based email forms. I have seen some
blog/email forms where CSRF attacks are possible. Try to implement
techniques for minimizing CSRF attacks.

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Received on Jul 13 2005