Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > web security question.

Reply
Thread Tools

web security question.

 
 
pxlpluker
Guest
Posts: n/a
 
      05-15-2004
I have a friend that was using formmail.pl until last weekend when it
was hacked by spammers with a buffer overflow attack on one of the form
fields. I don't know enough about perl to know how/where the overflow
happened. I do have a raw copy of the data the spammer was using, he was
putting about 40k into a form field to break the script. I am guessing
it broke the script on the regex checking for valid emails or before.
My question is, is python open to such attacks and how to prevent it.
I am working on a web program that will have a email address and will
send an email/s.
would a buffer overflow attack work against python cgi ?

fred



 
Reply With Quote
 
 
 
 
Paul Rubin
Guest
Posts: n/a
 
      05-15-2004
pxlpluker <(E-Mail Removed)> writes:
> I have a friend that was using formmail.pl until last weekend when it
> was hacked by spammers with a buffer overflow attack on one of the
> form fields.


What makes you think it was a buffer overflow bug? formmail.pl is
notorious for having security bugs, but none have been buffer
overflows as far as I know. Are you sure it wasn't some other kind of bug?
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to cast object of type 'System.Security.Principal.GenericIdentity' to type 'System.Web.Security.FormsIdentity'. adupuis@dublin.ie ASP .Net 2 08-31-2007 12:51 PM
Unable to cast object of type 'System.Security.Principal.GenericIdentity' to type 'System.Web.Security.FormsIdentity'. kroyce@ups.edu ASP .Net Security 0 05-01-2007 01:50 PM
web page calls web service - security Mark ASP .Net 1 01-04-2007 08:10 PM
java web start with security web access slc Java 0 07-27-2004 07:45 AM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM



Advertisments