Security Incidents mailing list archives

<victim>server formmail.pl exploit in the wild


From: Andrew Daviel <andrew () andrew triumf ca>
Date: Thu, 11 Apr 2002 16:06:21 -0700 (PDT)


I've seen an attempt to exploit FormMail.pl version 1.9 (the latest 
official version), viz.

Tue Apr  9 15:40:50 2002
REMOTE_ADDR=172.190.98.15
REQUEST_METHOD=POST
REMOTE_PORT=2768
HTTP_CACHE_CONTROL=no-cache
REQUEST_URI=/cgi-bin/formmail.pl
CONTENT_TYPE=application/x-www-form-urlencoded
CONTENT_LENGTH=2153
Count 1
. 

We will show you how to not only make money online, 
..
subject academics                         NyZ0f
recipient 
<a2888 () hotmail com>vancouver-webpages.com,<a28dan () msn com>vancouver-webpages.com,
etc.

as per
http://online.securityfocus.com/archive/1/252232

I have also seen an extensive credit card fraud spam campaign aimed at AOL 
users, exploiting the earlier vulnerability in FormMail.pl version 1.6.


Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security () triumf ca


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
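
A detection sketch for the recipient shape in the logged request above (an angle-bracketed outside address followed by the site's own domain, repeated in a comma-separated list). This is an added example, not part of the original post and not FormMail code. The allowed domain, the one-recipient limit, the helper names and the sample request bodies are all assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

ALLOWED_DOMAINS = {"example.org"}  # assumption: the site's own mail domain(s)
MAX_RECIPIENTS = 1                 # assumption: forms here mail a single address

# One plain mailbox: local@domain, with no brackets, display names or whitespace.
PLAIN_ADDR = re.compile(r"[A-Za-z0-9._+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def suffix_only_ok(entry):
    """Illustrative weak check: accepts any string that ends with an allowed domain."""
    return any(entry.lower().endswith(d) for d in ALLOWED_DOMAINS)

def audit_recipients(body):
    """Return (entry, reason) findings for the recipient field of a urlencoded POST body."""
    findings = []
    values = parse_qs(body, keep_blank_values=True).get("recipient", [])
    entries = [e.strip() for v in values for e in v.split(",") if e.strip()]
    if len(entries) > MAX_RECIPIENTS:
        findings.append((",".join(entries), "multiple recipients"))
    for entry in entries:
        m = PLAIN_ADDR.fullmatch(entry)
        if m is None:
            findings.append((entry, "not a plain address"))
        elif m.group(1).lower() not in ALLOWED_DOMAINS:
            findings.append((entry, "domain not allowed"))
    return findings

# Constructed sample bodies (not taken from the logged request).
SUSPECT_BODY = ("subject=test&recipient=%3Cuser1%40example.net%3Eexample.org%2C"
                "%3Cuser2%40example.com%3Eexample.org%2C")
NORMAL_BODY = "subject=hello&recipient=webmaster%40example.org"

if __name__ == "__main__":
    for name, body in (("suspect", SUSPECT_BODY), ("normal", NORMAL_BODY)):
        print(name, audit_recipients(body))
```

The suspect entries pass `suffix_only_ok` but fail the full-match parse, which is why the audit validates the whole address rather than its ending.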

