CleoK Posted April 19, 2004 Posted April 19, 2004 I can quite easily access contact.php in our store.... view the source in my browser.. and save the source off that as an html file to my hard drive... THEN use that form off my hard drive!!! Which means.. spammers can too and combined with scripts.. could send a TON of spams from our server.. using that vulnerable script and sendmail on our server. Any chance.. this same problem exists with orders ??? Any chance of protecting the contact script AND the sendmail used in orders? Thanks in advance for ANY help that can be offered.. and please take note... Those of You with the same vulnerability.. have a real strong chance of losing Your host because of it :(
Mark Evans Posted April 19, 2004 Posted April 19, 2004 I dont understand what you mean. If they save the contact us form.. the worse they can do is send you emails. Can you explain more? Mark Evans osCommerce Monkey & Lead Guitarist for "Sparky + the Monkeys" (Album on sale in all good record shops) --------------------------------------- Software is like sex: It's better when it's free. (Linus Torvalds)
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.