[Users] That won't work.
Paul
claws at thewildbeast.co.uk
Sun Oct 11 13:13:41 CEST 2020
On Sun, 11 Oct 2020 01:31:08 +0200
claws at dragony.name wrote:
> So far it works with every case I have tested.
>
> BUT DON'T USE IT! There is a major security hole by using this exactly the
> way I have posted.
>
> Imagine someone knows about your little hack and sends you a mail with
>
> To: bad at hacker.com'; rm -rf /* ;'
>
> And your day is ruined...
Now you're just TROLLING.
If you used %to in the template like I said, and someone knew this "little
hack" as you call it, what would happen is that the From field would contain:
bad at hacker.com'; rm -rf /* ;'
That rm -rf /* would not be executed.
So, please, do the checking yourself before spreading FUD.
with regards
Paul
More information about the Users
mailing list