[Mimedefang] OT: Don't let this happen to you

Jan Pieter Cornet johnpc at xs4all.nl
Wed Feb 15 10:45:07 EST 2006

On Wed, Feb 15, 2006 at 08:54:59AM -0600, Jim McCullars wrote:
> > It's an old and well-known exploit. You can find a secure replacement
> for
> > the old Formmail here:
>    I may not have been as clear about this as I should have been.  This
> was not an exploit against the FormMail script from Matt's Script Archive.
> It was something called PHP FormMail Generator (which in spite of its name

This attack uses (some of) the same bugs as exploited in the FormMail.pl
script from Matt's Script Archive, but this is a completely new variety
because spammers are actively searching for exploitable formmail scripts
in any language, by automatically trying each script and inserting fake
headers in each successive form field, and seeing which ones are
susceptible to the attack, and in which way.

I've seen it happening since about september last year.

#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet

More information about the MIMEDefang mailing list