 
|
| Mime-Version: |
1.0 |
| Sender: |
|
| Subject: |
|
| From: |
|
| Date: |
Wed, 25 Aug 1999 20:34:57 -0700 |
| In-Reply-To: |
|
| Content-Type: |
TEXT/PLAIN; charset=US-ASCII |
| Reply-To: |
|
On Wed, 25 Aug 1999, KEVIN MCKENZIE wrote:
> A simple cgi script with the appropriate job command can also bypass the
> list header per se and not generate the confirmation. If it is sent to do
> a sendmail with the listpass word it won't send the confirmation request.
>
> // JOB PW=XXXXXXXX
> add Some_List-L [log in to unmask] Joe Blow
> // EOJ
>
> If the script generated a mail message to your listserver with the above
> body, (obviously replacing the XXXXX with the list password, and a real
> persons address, you can hide these in the script or make the person enter
> them to be added), then no confirmation request would be generated, and the
> person added to the list.
This is SCARRY. Any web input form with no confirm I consider
really bad, but this could possibly be used really maliciously... I'm not
sure it's worth it at all...
Jessica
--
Jessica Rasku, Box 270, Rossland, B.C., V0G 1Y0, (250) 362-5701,
LinuxBox: (250) 362-9668.
List manager: [log in to unmask]
send command help ---- To get help with majordomo
or lists ---- To get a list of all lists on server.
WWW: <http://www.geocities.com/RainForest/Andes/8749>
|
|
|
