E-Mail header Injection in HiFriend

2008-07-22T00:00:00
ID SECURITYVULNS:DOC:20211
Type securityvulns
Reporter Securityvulns
Modified 2008-07-22T00:00:00

Description


-------Header Injection----------

Script: hifriend.pl Vendor: Hibyte SoftwareVersion: The free one you get from many webpages Dork: "hifriend.pl" + "cgi-bin"


---------------Infos---------------

This Exploit allows you to:

  • send spam
  • send fakemails
  • E-Mail spoofing

Whit the google dork, you find a lot of pages using HiFriend. A lot of Servers to send spam with. Modify the source of the Exploit to change the message, your spoofed e-mail, and the receiver.

Oh and you can send multiple mails! Just put a comma behind a mail adress.


--------------Exploit---------------

http://perforin.dark-codez.com/Perl-Scripts/hifriend-xploit.txt


---------Visit & Greetings--------

www.DarK-CodeZ.com

Greetings to all my Friends ;)


Testen Sie Live.com - die schnelle, personalisierte Homepage, über die Sie auf alle für Sie relevanten Inhalte zentral zugreifen können. http://www.live.com/getstarted