SpamCop FAQ : Help for abuse-desks and administrators :
Formmail
Formmail.pl, one of the most-used Perl scripts on the Web, is designed to send data entered into a Web form to an e-mail address. A malicious user could exploit this script and use Formmail as a spam server. If you use this script, spammers may be able to send spam freely using your server's resources.

A paper (long) explaining the FormMail vulnerability is available at http://www.city-fan.org/ftp/contrib/websrv/formmail-advisory.pdf

Secure fixes are available from:

http://nms-cgi.sourceforge.net/
