
Topic awaiting preservation: Matt's CGI Form Mail Script

 
Rondavu
Nervous Wreck (II) Inmate

From: Haverhill, MA, USA
Insane since: Dec 2002

posted 11-22-2004 21:58

I am building a static site that requires I use a CGI form mail script. The trouble I'm having is that I can't control who the form results are being emailed to. The script requires a variable called "recipient" to be sent to it from the static form page. I set "recipient" as the email addresses (jc@labelsinc.com, bchester@labelsinc.com) that I wanted to send to. The CGI script itself has no email addresses in it. It only processes what you send it through the "recipient" variable. Instead the form results get sent to csnow@labelsinc.com. What gives?

The form is located here... http://www.labelsinc.com/newsite/expertform.html

Look at the source code and you will see a hidden field where I designated the value of "recipient"

Press submit, and you will see the following.....


www.labelsinc.com Email Sent
The following message has been sent.
------------------------------------------------------------------------


Reply-to: csnow@labelsinc.com (Auto mail)
From: csnow@labelsinc.com (Auto mail)
To: csnow@labelsinc.com
Subject: FORM results



(SFNextURL) /main.html
(recipient) jc@labelsinc.com, bchester@labelsinc.com
(To) jc@labelsinc.com, bchester@labelsinc.com
(shape) select here...
(secondaryprint) select here...
(material) select here...
(protectivecoating) select here...
(adhesive) select here...
(surface) select here...
(exposure) select here...
(sterilization) select here...
(labelsinc) submit


So why is it that the results were sent to csnow@labelsinc.com, when csnow was not designated to receive the form results, and wasn't the value of "recipient"? What is "automail"?

JKMabry
Maniac (V) Inmate

From: raht cheah
Insane since: Aug 2000

posted 11-23-2004 04:48

Matt's FormMail contains a vulnerability that can allow your form to be used as an open relay for spammers to send mass mail through; you should try http://nms-cgi.sourceforge.net/scripts.shtml instead.

Also, putting the email address in the actual markup of the page will allow spambots to harvest the addresses. The script above will remedy that as well by putting the addresses into an array in the script itself and assigning them a number; then you just reference the number in the HTML.

Sorry to not help with the situation at hand but I'm sure you'll find that the script above is almost a drop in replacement for Matt's and you may have better luck with it to boot. If you have similar problems with the new script we'll dig into it!
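The recipient-by-number approach described in the post above, as an added example (not NMS FormMail's own code and not posted by anyone in this thread): the form submits only index numbers in "recipient", and the script resolves them against a list it holds itself and refuses everything else. The helper `resolve_recipients`, the `@RECIPIENTS` list and the example.com addresses are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed placeholder addresses. They live only in the script,
# never in the HTML, so they cannot be harvested from the form page.
my @RECIPIENTS = (
    undef,                    # index 0 unused so the form can send 1, 2, ...
    'sales@example.com',
    'support@example.com',
);

# Hypothetical helper: turn the form's "recipient" value (e.g. "1, 2") into
# addresses from @RECIPIENTS, or die if any token is not a configured index.
sub resolve_recipients {
    my ($raw) = @_;
    die "missing recipient\n" unless defined $raw && length $raw;

    # A CR, LF or NUL in a value headed for a mail header would let the
    # submitter add headers of their own, so refuse it before parsing.
    die "control character in recipient\n" if $raw =~ /[\r\n\0]/;

    my (@to, %seen);
    for my $token (split /,/, $raw) {
        $token =~ s/^\s+|\s+$//g;
        # Only small decimal indices are accepted; a literal address fails here.
        die "not an index: $token\n" unless $token =~ /\A[0-9]{1,3}\z/;
        my $addr = $RECIPIENTS[$token];
        die "index $token is not configured\n" unless defined $addr;
        push @to, $addr unless $seen{$addr}++;
    }
    die "no recipients\n" unless @to;
    return @to;
}

# Constructed inputs: a valid pair of indices, a literal address, a value
# carrying an embedded newline, and an index that is not configured.
for my $input ('1, 2', 'jc@example.com', "1\nX-Injected: yes", '7') {
    my @to = eval { resolve_recipients($input) };
    (my $shown = $input) =~ s/\n/\\n/g;
    if ($@) { chomp(my $err = $@); print "REJECT ($shown): $err\n"; }
    else    { print "ACCEPT ($shown) -> @to\n"; }
}
```

Because the submitted value can only ever select from addresses already in the script, the form cannot be pointed at arbitrary recipients.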

Rondavu
Nervous Wreck (II) Inmate

From: Haverhill, MA, USA
Insane since: Dec 2002

posted 11-23-2004 14:47

Thanks Jason, I'll try out your script. My company's website service provider is extremely stupid. I called the guy about it, and he acted dumb the whole time. It was evident by our conversation I was better off asking him how many blizzard flavors they have at Dairy Queen.

I'll see if your solution offers a different result. At least it's something, and I gave you a little entertainment in return.

Rondavu
Nervous Wreck (II) Inmate

From: Haverhill, MA, USA
Insane since: Dec 2002

posted 11-23-2004 15:16

Here was the resulting page after the new formmail was installed and used. Unfortunately, it still sends the email to someone I didn't list in the Perl script. It sends it to csnow@labelsinc.com as it did before. Is there any other explanation for why this is happening? I assume it has nothing to do with the actual script now.

The following message has been sent.
------------------------------------------------------------------------


Reply-to: csnow@labelsinc.com (Auto mail)
From: csnow@labelsinc.com (Auto mail)
To: csnow@labelsinc.com
Subject: FORM results



(SFNextURL) /main.html
(recipient) 1, 2
(To) 1, 2
(companyname) TEST
(shape) select here...
(secondaryprint) select here...
(material) select here...
(protectivecoating) select here...
(adhesive) select here...
(surface) select here...
(exposure) select here...
(sterilization) select here...
(labelsinc) submit

(Edited by Rondavu on 11-23-2004 15:18)

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 11-23-2004 16:41

Well, I assume your Perl script makes use of a 'special' sendmail, configured to only mail to csnow@labsinc.com - but that's something you'd have to ask your host about.

Rondavu
Nervous Wreck (II) Inmate

From: Haverhill, MA, USA
Insane since: Dec 2002

posted 11-23-2004 17:31

I don't think that's possible, Tyberius. I'm now using the Perl script suggested through this thread. I trashed the old one my host installed. Maybe I'm just not understanding what you mean. Would a special sendmail be something that is inside the Perl script, or are you talking about something server-side, exclusive of the script?

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 11-23-2004 20:09

Ok, sendmail is a program on unix systems that handles the actual sending of mails.
I could envision hosts having a restricted version of sendmail that can only send to/from specified addresses, depending on the user it's running under - but you'll have to ask your host.

Rondavu
Nervous Wreck (II) Inmate

From: Haverhill, MA, USA
Insane since: Dec 2002

posted 11-23-2004 20:54

Thanks a lot, Tyberius. I called to ask my host about that, and it spawned some productive curiosity in the staff. In case you're interested in the solution, my form action was sending to a globalized CGI bin on the server, instead of my own CGI bin where I had designated the proper email addresses in my Perl script. It therefore defaulted to sending the form results to the name on the account, or csnow@labelsinc.com. Thank you for your time. It helped to find a solution.

JKMabry
Maniac (V) Inmate

From: raht cheah
Insane since: Aug 2000

posted 11-23-2004 21:14

Oops, my bad. I should have been able to diagnose that problem had I looked at the form action. Glad you got things worked out!
