According to the script at: http://www.l-c-u.com.ar/cgi-sys/FormMail.cgi
which says:

    FormMail-Clone
    This is FormMail-clone, a clone of FormMail.cgi. It is a clean room version for legal purposes (a less restrictive liscense), but should behave the exact same way as Matt Wright's Original, but contain none of his code.

it isn't the same script as: http://www.scriptarchive.com/formmail.html

It is nice to see that Matt Wright has finally updated FormMail to be less SPAM friendly, but there have been a few more secure alternatives around for a while - there's even a link to 'NMS' FormMail on the Script Archive page.
Rynho Zeros Web wrote:
#############################################################
Topic: XSS (Cross Site Scripting) on FormMail.CGI
Version: 1.92
Released: April 21, 2002
Manufacturer: http://www.scriptarchive.com/formmail.html
By XyborG - xyborg@bigfoot.com - http://www.rzweb.com.ar/
#############################################################
FormMail.cgi is a utility that serves to send forms by email, among other uses.
The operation is simple. To see an example:
http://www.l-c-u.com.ar/cgi-sys/FormMail.cgi?<script>alert("<center>Sorry,this\nis\nthe\nsecurity\nsite?\nNo_lo_Creo\n\nCyervo_Lamos...");</script>
Duh!
--
regards,
scott buchanan / systems engineer
scott.buchanan@axegroup.com.au

axe group
51a hume street crows nest nsw 2065 australia
abn 62 095 107 814
t +61 2 9966 9336
f +61 2 9966 9337

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify axe group.
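
Added example (not part of the original thread and not code from FormMail or FormMail-clone): a log check for requests shaped like the one in the quoted advisory, where markup is placed in the FormMail.cgi query string. The Common Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Script name from the thread, matched case-insensitively
SCRIPT_RE = re.compile(r'/formmail\.cgi$', re.IGNORECASE)
# An opening or closing HTML tag has no business in a form handler's query
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_formmail_requests(log_lines):
    """Return (line_number, decoded_query) for FormMail requests with markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        if SCRIPT_RE.search(path) and query:
            decoded = fully_decode(query)
            if MARKUP_RE.search(decoded):
                hits.append((number, decoded))
    return hits

# Constructed sample lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Apr/2002:10:00:00 +0000] "GET /cgi-sys/FormMail.cgi?recipient=info%40example.org&subject=Hello HTTP/1.0" 200 512',
    '192.0.2.11 - - [21/Apr/2002:10:00:05 +0000] "GET /cgi-sys/FormMail.cgi?%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 200 734',
    '192.0.2.12 - - [21/Apr/2002:10:00:09 +0000] "GET /cgi-sys/formmail.cgi?%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 734',
    '192.0.2.13 - - [21/Apr/2002:10:00:12 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, query in suspicious_formmail_requests(SAMPLE_LOG):
        print(f"line {number}: {query}")
```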