Hole found in MT CGI

Thanks to Jake for this link. A CGI script in the default Movable Type install (mt-send-entry.cgi) can be exploited by spammers in the same way that old FormMail scripts could. Rename it if you don't use it, or patch it. More info here. There has been no official word from Six Apart on this yet. I didn't even know this functionality existed within MT. I am going to have to look into this.




Breaking Windows is © 2003
by Ken Edwards and Matt Paprocki. Some Rights Reserved.
Contact Ken: ken [at] meancode [dot] com
Contact Matt: videogamer [at] bex [dot] net


Creative Commons License
This weblog is licensed under a Creative Commons License.