Tryign to send mail via a python script by using the local MTA
Heiko Wundram
modelnine at modelnine.org
Mon Sep 16 07:32:35 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 16.09.2013 13:21, schrieb Denis McMahon:
> If he's trying to prove communication works, he might be better off
> using a message subject of "test" and a message body of "this is a
> test message".
Generally, he might be best off if he didn't use os.system() with
string-interpolated (without escaping or any such) and user-specified
(!) parameters to send out the mail using mailx though a sub-shell.
This begs of using his mailer script for code injection as his
web-server user, and I'm amazed that nobody has commented on that so far.
- --
- --- Heiko.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJSNuxTAAoJEDMqpHf921/Sd8IH/2BcapK/dNqbs/PDz3LZLiUS
JYYmNaWSjui7KYJsA/A8R3XVaM0eyHkYI8dr8Jx6hPdPJyeE27MCKddF3GlYs17Z
iO1AydR2J8kYjXgVLrCWtfH3taB6ryUko6sOe1j/u0hYbQOATxuBPvxTVK4Wmi85
1m8unw9NvlTelAREg6WLudqpE9i115dns87+FTNcgNd3ieppJw+Cv2Mp6z3Yn3he
y0W9yMqH1LV4oW/6arZVVIcaWDHCb1I0L++aC8JLnOHYz1osf+34BbHHBcY6Qkty
reon+sWKwrlJ56o8Zi1Lx97ymxXxuvUtJS/5WGpRh/XLWYVBGCX3XA42DKqscQk=
=xENG
-----END PGP SIGNATURE-----
More information about the Python-list
mailing list