Re: mysterious line in my script - what does it all mean?
Mumia W. (on aioe) wrote:
On 12/19/2006 11:03 AM, maxwells@xxxxxxxxx wrote:
Randal L. Schwartz wrote:
m writes:
maxwells> #!/usr/bin/perl -w
maxwells> use CGI;
maxwells> $query = new CGI;
maxwells> $sender = $query->param('s');
maxwells> $message = $query->param('m');

maxwells> $mailprog = '/usr/lib/sendmail';
maxwells> open(MAIL,"|$mailprog -t");
maxwells> print MAIL "To: donald\@duck.com\n";
maxwells> print MAIL "From: $sender\n";
(The last three lines were restored after overly aggressive snipping.)
maxwells> print MAIL "Subject: AJAX Mailer\n\n";
maxwells> print MAIL "$message";
maxwells> close (MAIL);

This code can be used to send arbitrary spam to arbitrary addresses.

Mr. Schwartz, Maxwells' program, in its current form, cannot do what you
say because the To: header is hardcoded.

Mr. W, *you* should never be allowed near a CGI program either. The
above program prints USER-ENTERED DATA in the headers of the mail
message. This data is not verified before being printed. Just because
the *programmer* only put a hard-coded address as a To: header, does
not mean the data will not contain additional headers. You honestly
don't think a user could access this script providing an 's' parameter
of "me@xxxxxxxxxxx\nCC: spam_address@xxxxxxxxxxx" ?

Paul Lalli

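The injection Paul Lalli describes, worked through as an added example (this is not code from either poster; the address values and the `build_message_*` helper names are invented for illustration). `sendmail -t` takes its recipient list from the To:, Cc: and Bcc: headers of the message on stdin, so a newline in the `s` parameter is enough to add recipients even though the script only ever writes one To: line. The second helper shows the minimal fix: refuse CR/LF in anything that goes into a header and only accept a conservative address shape for the sender.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not from the thread. It rebuilds the headers the way the
# quoted script does (the 's' parameter interpolated straight into From:),
# shows what a crafted value turns them into, and contrasts a hardened version.

# Unsafe: mirrors the quoted script. Returns the text that would be piped to
# "sendmail -t", which reads its recipients from the headers it is given.
sub build_message_unsafe {
    my ($sender, $message) = @_;
    my $mail = "To: donald\@duck.com\n";
    $mail   .= "From: $sender\n";            # user data lands in a header
    $mail   .= "Subject: AJAX Mailer\n\n";
    $mail   .= $message;
    return $mail;
}

# Hardened: any CR or LF in a header value is an injection attempt, and the
# sender must look like a single bare address. Returns the message or dies.
sub build_message_safe {
    my ($sender, $message) = @_;
    die "header injection attempt\n" if $sender =~ /[\r\n]/;
    die "bad sender address\n"
        unless $sender =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
    my $mail = "To: donald\@duck.com\n";
    $mail   .= "From: $sender\n";
    $mail   .= "Subject: AJAX Mailer\n\n";
    $mail   .= $message;
    return $mail;
}

# Count the recipient headers (To:, Cc:, Bcc:) that "sendmail -t" would honour.
sub count_recipient_headers {
    my ($mail) = @_;
    my ($headers) = split /\n\n/, $mail, 2;   # header block ends at first blank line
    return scalar grep { /\A(?:To|Cc|Bcc):/i } split /\n/, $headers;
}

# Constructed attacker input (hypothetical addresses): a plausible sender
# followed by an injected Cc: line, exactly the shape Paul Lalli describes.
my $evil_sender = "me\@example.com\nCc: spam_target\@example.net";
my $message     = "hello";

my $unsafe = build_message_unsafe($evil_sender, $message);
print "--- unsafe headers as sendmail -t sees them ---\n$unsafe\n";
printf "recipient headers: %d\n", count_recipient_headers($unsafe);
# 2: the hard-coded To: plus the injected Cc:

my $safe = eval { build_message_safe($evil_sender, $message) };
print "hardened version: ", (defined $safe ? "sent\n" : "rejected: $@");
```

Two practical notes. First, Cc: is the polite variant; an attacker would use Bcc: with a comma-separated list of hundreds of addresses, and the hard-coded recipient would never see them. Second, a `\n\n` inside the same parameter terminates the header block early, so the attacker can also replace the Subject: line and the whole body; rejecting CR and LF in every header value, as the hardened helper does, closes both, and it must be applied to `m` as well if that value is ever used in a header.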