a php developer weblog

blog Closed!
calin view of the web development world

2005/12/21

contact form exploit

@ 08:22 AM (32 months, 21 days ago)
There's a growing number of exploits related to e-mail contact forms. One particular exploit targets websites whose contact form lets the user enter his own e-mail address and then sends his message by mail to a private e-mail address, so that the website he writes to can contact him back. If the e-mail field is not correctly validated as a real e-mail address, one can exploit this module and turn it into an open spam relay. Besides regular e-mail checks via PHP/Perl regular expressions, one can also run this PHP command:

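The following is an added example, not the command the original post goes on to give and not the author's code: one way to validate the e-mail field before it reaches `mail()`. It assumes PHP 7.2 or later and a form that copies the visitor's address into a `Reply-To` header; the function names, addresses and sample submissions are constructed for illustration.

```php
<?php
// Added illustration, not code from the original post.
// Assumption: the form copies the visitor's address into a Reply-To header.

// Hypothetical helper: returns the address if it is safe to place in a
// mail header, or null if the submission should be refused.
function contact_form_clean_email(string $raw): ?string
{
    $email = trim($raw);
    // Control characters (CR and LF included) can end a header line,
    // so reject them instead of trying to strip them.
    if (preg_match('/[\x00-\x1F\x7F]/', $email)) {
        return null;
    }
    // Exactly one bare address: no lists, display names or brackets.
    if (strlen($email) > 254 || preg_match('/[,;<>\s]/', $email)) {
        return null;
    }
    // Syntax check with PHP's built-in validator.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

// Hypothetical sender: recipient, subject and From are fixed by the site;
// only the validated address and the message body come from the visitor.
function contact_form_send(string $rawEmail, string $message): bool
{
    $replyTo = contact_form_clean_email($rawEmail);
    if ($replyTo === null) {
        return false;
    }
    $headers = ['From' => 'webform@example.org', 'Reply-To' => $replyTo];
    return mail('owner@example.org', 'Contact form message', $message, $headers);
}

// Constructed sample submissions; only the validator runs, no mail is sent.
$samples = [
    'visitor@example.com',
    "visitor@example.com\r\nBcc: other@example.net",
    'a@example.com, b@example.net',
    'not-an-address',
];
foreach ($samples as $s) {
    $verdict = contact_form_clean_email($s) === null ? 'rejected' : 'accepted';
    echo json_encode($s), ' => ', $verdict, PHP_EOL;
}
```

Refusing the submission outright, rather than stripping the offending characters and sending anyway, keeps a malformed address from ever reaching the header array.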