I am looking for a Perl script called mailform.pl which is used to convert input from an HTML form to an email which is sent to the address specified in the HTML script.


Does anyone know where I can get it? So far I have found links to pages about it, but not the file itself....

Also, where would I need to install it when I DO get it?


In just taking a brief look on the web I found several scripts called mailform. Some only ran on Windows servers. Some were out of date and possibly not secure and some were not freeware. I can't say for sure what one you want. You may want to look for Ultimate Form Mail as it will do the same thing and is more secure than many scripts you will find.


I did find some security flaws in the older versions of mailform that I found. Keep that in mind when looking.


The information I am sending over it is not exactly highly classified...

I just need people to enter comments and such on the webpage, hit send and have it arrive in a specified inbox...


Looking at what you suggested, but I don't exactly know PHP so...


I didn't mean secure as in keeping your data safe, I was more speaking on abusing the script to take advantage of the server or your account. All of which can lead to your account being suspended. Just be careful of what you install on your account.


And.... Bruce beat me to it.


DO have one odd question....

How could my account here be blamed for the spam when I was never given an SMTP outgoing email server?

Which would mean the spam would have to be generated and sent out from another server I specified, wouldn't it?


Not that I am gonna do that you understand...

Just not really understanding how a script that would have to run from another outgoing mail server could affect my site...


Black Hat (BH) finds your form, and discovers an easy vulnerability (that's the scenario).


They automatically post 10,000 names to your form processor. Under normal conditions your form processor is designed to take information posted to it and safely email it to you (or your client). But BH knows how to convince your web script to put those 10,000 names into the BCC of the email that goes out to you.


10,000 people get an email about member elongation, with your return email address. 200 of the 10,000 report you to SpamCop or their ISP. Your server's IP address is banned by AOL, Hotmail, Yahoo, and Earthlink.


Your website is terminated for violation of the AUP at TCH.


(Just one scenario)


Or... you have a script that determines the recipient at runtime when it receives the 'recipient' variable from a hidden tag in your form... very insecure. BH puts the 10,000 names into the 'recipient' array of data that is posted to your website.


Same end result.

Edited by surefire
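
Added example, not part of the original post and not code from mailform.pl or Ultimate Form Mail: a minimal form-to-mail handler in Python that closes both holes described in the post above, by fixing the recipient server-side and refusing any header-bound field that contains line breaks or more than one address. The addresses, field names and function names are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumptions (constructed placeholders): addresses and field names are illustrative.
FIXED_RECIPIENT = "webmaster@example.com"  # set server-side, never taken from the form
FORM_SENDER = "forms@example.com"
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_COMMENT_CHARS = 5000


class RejectedSubmission(ValueError):
    """Raised when a posted field could alter the message headers."""


def header_safe(value, field, limit=200):
    # CR/LF (or any control character) in a header-bound field is how an extra
    # Bcc:/Cc:/To: line gets smuggled into the outgoing message.
    if len(value) > limit or any(ord(ch) < 32 or ord(ch) == 127 for ch in value):
        raise RejectedSubmission(f"{field}: control characters or too long")
    return value.strip()


def build_message(form):
    """Turn posted form fields into one message to one fixed recipient."""
    name = header_safe(form.get("name", ""), "name", 100)
    subject = header_safe(form.get("subject", ""), "subject")
    reply_to = header_safe(form.get("email", ""), "email")
    if not ADDRESS_RE.fullmatch(reply_to):  # exactly one address, no lists
        raise RejectedSubmission("email: not a single address")
    comments = form.get("comments", "")
    if len(comments) > MAX_COMMENT_CHARS:
        raise RejectedSubmission("comments: too long")

    msg = EmailMessage()
    msg["From"] = FORM_SENDER
    msg["To"] = FIXED_RECIPIENT  # any posted 'recipient' field is ignored
    msg["Reply-To"] = reply_to
    msg["Subject"] = f"Web form: {subject}"
    msg.set_content(f"Name: {name}\n\n{comments}")  # user text goes in the body only
    return msg


def is_accepted(form):
    """True if the submission would be mailed, False if it is rejected."""
    try:
        build_message(form)
        return True
    except RejectedSubmission:
        return False
```

Rejected submissions are worth logging with the client IP, since a burst of them usually means the form is being probed.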
