Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Vulnerability: SocialEngine (SocialEngine. net) high risk security flaw

[DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1

MyBlog <=0.9.8 Multiple Vulnerabilities

EZWebAlbum (dlfilename) Remote File Disclosure Vulnerability

From:	Peter Wiesen <broken-error_(at)_hotmail.com>
Date:	22.07.2008
Subject:	E-Mail header Injection in HiFriend

------------------------------------
-------Header Injection----------
------------------------------------

Script: hifriend.pl
Vendor: Hibyte
SoftwareVersion: The free one you get from many webpages
Dork: "hifriend.pl" + "cgi-bin"


------------------------------------
---------------Infos---------------
------------------------------------

This Exploit allows you to:

* send spam
* send fakemails
* E-Mail spoofing

Whit the google dork, you find a lot of pages using HiFriend.
A lot of Servers to send spam with.
Modify the source of the Exploit to change the message, your
spoofed e-mail, and the receiver.

Oh and you can send multiple mails!
Just put a comma behind a mail adress.


------------------------------------
--------------Exploit---------------
------------------------------------

http://perforin.dark-codez.com/Perl-Scripts/hifriend-xploit.txt


------------------------------------
---------Visit & Greetings--------
------------------------------------

www.DarK-CodeZ.com

Greetings to all my Friends ;)

_________________________________________________________________
Testen Sie Live.com - die schnelle, personalisierte Homepage, über die Sie auf alle für Sie
relevanten Inhalte zentral zugreifen können.
http://www.live.com/getstarted