Hole found in MT CGI

Thanks to Jake for this link. A CGI script in the default MovableType install (mt-send-entry.cgi) can be exploited by spammers in the same way that old FormMail scripts could. Rename it, if you don't use it, or patch it. More info here. There has been no official word from Six Apart on this yet. I didn't even know this functionality existed within MT. I am going to have to look into this.

TrackBack

Listed below are links to weblogs that reference Hole found in MT CGI:

» party poker from party poker
You may find it interesting to visit some helpful info about party poker empire poker [Read More]

» eooeeuo from lrmom
iigulev [Read More]

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Warning: include(/home/meancode/public_html/breakingwindows/footer.php): failed to open stream: Permission denied in /home/breaking/public_html/2003/11/hole_found_in_mt_cgi.php on line 251

Warning: include(): Failed opening '/home/meancode/public_html/breakingwindows/footer.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/breaking/public_html/2003/11/hole_found_in_mt_cgi.php on line 251

Blogcritics Magazine

Social Networking

Mac Headlines

Read up-to-date headlines on everything Mac.

Content provided by prMac.

ESRB Search

Creative Commons License
This weblog is licensed under a Creative Commons License.
Enhanced with Snapshots