On Wed, 25 Aug 1999, KEVIN MCKENZIE wrote:

> A simple cgi script with the appropriate job command can also bypass the
> list header per se and not generate the confirmation.  If it is sent to do
> a sendmail with the listpass word it won't send the confirmation request.
>
> // JOB PW=XXXXXXXX
> add Some_List-L [log in to unmask] Joe Blow
> // EOJ
>
> If the script generated a mail message to your listserver with the above
> body, (obviously replacing the XXXXX with the list password, and a real
> persons address, you can hide these in the script or make the person enter
> them to be added), then no confirmation request would be generated, and the
> person added to the list.

        This is SCARRY.  Any web input form with no confirm I consider
really bad, but this could possibly be used really maliciously...  I'm not
sure it's worth it at all...

                                                        Jessica

--
Jessica Rasku, Box 270, Rossland, B.C., V0G 1Y0, (250) 362-5701,
LinuxBox: (250) 362-9668.

List manager: [log in to unmask]
     send command help ---- To get help with majordomo
               or lists ---- To get a list of all lists on server.

WWW: <http://www.geocities.com/RainForest/Andes/8749>