[4370] in WWW Security List Archive
Re: Perl System Call HACKS
daemon@ATHENA.MIT.EDU (Evil Pete)
Tue Feb 11 21:55:46 1997
To: Tim Holt <holt@roguewave.com>
cc: www-security@ns2.rutgers.edu
From: Evil Pete <shipley@dis.org>
In-reply-to: Your message of Tue, 11 Feb 1997 09:53:35 -0700.
<3.0.32.19970211095334.007414b4@mail.roguewave.com>
Date: Tue, 11 Feb 1997 14:41:58 -0800
Errors-To: owner-www-security@ns2.rutgers.edu
>>Call 'sendmail -oi -t'.
>>(Oi ignores dots in the body of the message, -t takes all headers
>>from the data stream.)
>>
>
>What happens if you DO put dots in and don't use -oi.
>If you were shelling off the sendmail job, then I can
>see how one could put some hack in, but if you have
>opened sendmail via PERL's open command, and then send
>it the To: From: Subject: and text directly, and DO
>insert a . into the text, what happens to the text
>after the . Nothing I think?
>
maybe nothing? mostly likely nothing. but do you like to gamble?
also what if the in-experienced user placed a ``.'' in a line by itself?
