E-Mail header Injection in HiFriend

Type securityvulns
Reporter Securityvulns
Modified 2008-07-22T00:00:00


-------Header Injection----------

Script: hifriend.pl Vendor: Hibyte SoftwareVersion: The free one you get from many webpages Dork: "hifriend.pl" + "cgi-bin"


This Exploit allows you to:

  • send spam
  • send fakemails
  • E-Mail spoofing

Whit the google dork, you find a lot of pages using HiFriend. A lot of Servers to send spam with. Modify the source of the Exploit to change the message, your spoofed e-mail, and the receiver.

Oh and you can send multiple mails! Just put a comma behind a mail adress.



---------Visit & Greetings--------


Greetings to all my Friends ;)

Testen Sie Live.com - die schnelle, personalisierte Homepage, über die Sie auf alle für Sie relevanten Inhalte zentral zugreifen können. http://www.live.com/getstarted