SQL attack on a formmail
The Doctor
2021-12-10 17:17:58 UTC
All right. A formmail form was attacked by a Russian
hacker on Monday using some SQL script.

Anyone seen this before?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
Merry Christmas 2021 and Happy New Year 2022 Beware https://mindspring.com
Grant Taylor
2021-12-10 17:34:49 UTC
> a formmail form was attacked by hacker on Monday using some SQL script.
What /precisely/ is formmail in this context?

I ask because I've seen a number of things called "formmail" over
decades, with wildly different capabilities and defenses.
> Anyone seen this before?
Yes. I've seen many ... problems ... with various formmail
implementations over the years. Many of the ones that I looked at in
the '00s were -- IMHO -- rooted in formmail trying to be a generic form
handler to send email. The generic nature of its attempt to be a
simple target to post form content to as a handler made it more than a
little vulnerable. Especially considering that clients could see just
about any if not all protection mechanisms in the page that used formmail
as a form action.

I generally avoided such generic formmail things for that reason and
tended to write specific implementations that hard coded some aspects
(like the target email address) which made it a LOT harder to exploit.

Aside: I'm not quite sure how SQL fits into this overall discussion.
Maybe the version of formmail that you're dealing with uses SQL as a
backend for something. Maybe someone exploited an SQL server and
induced it to do something it shouldn't. There's a LOT of room for
interpretation.
--
Grant. . . .
unix || die
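To make Grant's point concrete, here is an added illustration (not code from the thread or from any real formmail) of the two designs he contrasts: a generic handler that takes its recipient and header values straight from the POSTed form, beside a specific one with the recipient hard-coded and header-bound fields validated. The addresses, the form dictionaries and the hostile subject line are constructed for the demo; nothing is actually sent.

```python
"""Generic vs. hard-coded form-to-mail handler (added illustration)."""
import re

SITE_RECIPIENT = "owner@example.invalid"   # hard-coded, not read from the form
_HEADER_FIELD = re.compile(r"^[^\r\n\x00]{1,200}$")   # no line breaks or NULs
_ADDRESS = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def generic_formmail(form: dict) -> str:
    """Generic handler: every header comes from the client-controlled form."""
    headers = [
        f"To: {form['recipient']}",      # client chooses the destination
        f"From: {form['email']}",
        f"Subject: {form['subject']}",   # copied verbatim, CRLF included
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + form["message"]


def specific_formmail(form: dict) -> str:
    """Specific handler: recipient fixed, header fields checked before use."""
    for field in ("email", "subject"):
        if not _HEADER_FIELD.fullmatch(form.get(field, "")):
            raise ValueError(f"{field}: control characters or bad length")
    if not _ADDRESS.fullmatch(form["email"]):
        raise ValueError("email: not a plausible address")
    headers = [
        f"To: {SITE_RECIPIENT}",
        "From: webform@example.invalid",   # From stays the site's own
        f"Reply-To: {form['email']}",
        f"Subject: {form['subject']}",
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + form["message"]


def header_names(message: str) -> list:
    """Header names in a built message; an unexpected name reveals injection."""
    head = message.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")]


# Constructed sample posts: one benign, one smuggling a Bcc via the subject.
BENIGN_FORM = {"recipient": "owner@example.invalid", "email": "visitor@example.invalid",
               "subject": "Question about hours", "message": "Open on Sunday?"}
HOSTILE_FORM = {"recipient": "anyone@example.invalid", "email": "visitor@example.invalid",
                "subject": "Hi\r\nBcc: bulk-target@example.invalid", "message": "spam"}

if __name__ == "__main__":
    print(header_names(generic_formmail(HOSTILE_FORM)))   # Bcc appears
    try:
        specific_formmail(HOSTILE_FORM)
    except ValueError as exc:
        print("rejected:", exc)
```

The generic version both relays to whatever address the client names and accepts the injected Bcc header; the specific version refuses the same post and would deliver a benign one only to the fixed site address.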