How to pick up email addresses from a feedback form??

Greetings gurus. I have a technical question: I am using a browser (Netscape 2.0.2 Win 3.1) to access a feedback form at www.aaa.com. I fill in my information and hit the submit button. I see the message "connecting to xxx.bbb.com" flash up on the status line before getting a 'done' message. xxx.bbb.com is _not_ a web hosting service for www.aaa.com. I do a 'whois' on www.aaa.com and contact the tech admin who can duplicate this and is very concerned that information from his forms may be routed to xxx.bbb.com. My question is how this might happen?
From my feeble understanding of such things, this would take modifications to the feedback form (i.e. www.aaa.com has been hacked), or packet sniffing somewhere along the route from my browser machine to www.aaa.com.
Is there another way to do this? Could a third-party spammer, for example, capture email addresses posted to such a form?
Thanks,
Tom Porter
txporter@mindspring.com

Thomas Porter wrote:
> I have a technical question:
> Is there another way to do this? Could a third-party spammer, for example, capture email addresses posted to such a form?
Having written a few thousand lines of CGI source, I can see a couple of possible things happening. First, it could be as innocent as the CGI program (the program that acts on the form's data) is hosted at the bbb.com site. The person at aaa.com may not have permissions to execute cgi-bin programs (or not know how to set them up). I see this as most likely.
Unfortunately, the ultimate answer is in the CGI program at bbb.com ... it would be nice to see its source to see if it was [horror!] hacked to e-mail the contents of the form to aaa.com and bbb.com.
Packet-sniffing is always possible [not my area of expertise], but who would go to all that trouble just to get e-mail addresses to add to their SPAM list?
Our hacker friends can probably shed some more light on this also.
Brian

Thomas Porter <txporter@mindspring.com> writes:
> Greetings gurus.
Om shanti.
> I have a technical question:
> I am using a browser (Netscape 2.0.2 Win 3.1) to access a feedback form at www.aaa.com.
You should definitely get a newer version of Windows (or Linux) and a newer version of Netscape, together with a few clues.
> I fill in my information and hit the submit button.
> I see the message "connecting to xxx.bbb.com" flash up on the status line before getting a 'done' message.
Do a 'view source' in your ancient netscape, and you'll probably see that the submit button lives in a form whose action="http://xxx.bbb.com/some.cgi".
> xxx.bbb.com is _not_ a web hosting service for www.aaa.com. I do a 'whois' on www.aaa.com and contact the tech admin who can duplicate this and is very concerned that information from his forms may be routed to xxx.bbb.com.
Is it "his" form? On a big site, the domain contact is likely to have no clue about _all_ the web pages on their site. ...
> Is there another way to do this? Could a third-party spammer, for example, capture email addresses posted to such a form?
That's a keeper.
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

At 06:22 PM 4/21/97 -0500, Brian Durham wrote:
> Thomas Porter wrote:
>> I have a technical question:
>> Is there another way to do this? Could a third-party spammer, for example, capture email addresses posted to such a form?
> Having written a few thousand lines of CGI source, I can see a couple of possible things happening. First, it could be as innocent as the CGI program (the program that acts on the form's data) is hosted at the bbb.com site. The person at aaa.com may not have permissions to execute cgi-bin programs (or not know how to set them up). I see this as most likely.
Or they may have switched sites and have not changed over the back end code to the new site.
> Unfortunately, the ultimate answer is in the CGI program at bbb.com ... it would be nice to see its source to see if it was [horror!] hacked to e-mail the contents of the form to aaa.com and bbb.com.
You can always look at the source of the page and see what sites are contacted. Look at the form tag and see where the cgi code is located.
> Packet-sniffing is always possible [not my area of expertise], but who would go to all that trouble just to get e-mail addresses to add to their SPAM list?
If there was a packet sniffer on the line, you would not see it. Packet sniffers are PASSIVE. They just sit and read traffic and record the interesting (or not so interesting) bits.
> Our hacker friends can probably shed some more light on this also.
Why worry about e-mail addresses being diverted? If you don't want them to find you out, don't give out your address. "The first rule of not being seen is DON'T STAND UP!"
---
| "Mi Tio es infermo, pero la carretera es verde!" | |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano@teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.ctrl-alt-del.com/~alan/ |alan@ctrl-alt-del.com|
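
Added example (not part of the original thread or any poster's code): the "view source and look at the form tag" check that two of the replies suggest, done in Python. It resolves each form's action URL and flags targets on a different host than the page, or sent without HTTPS where a passive sniffer could read them; the sample page, the file name feedback.html and the second form are constructed, using the thread's placeholder hosts.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormActionParser(HTMLParser):
    """Collect the action and method of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.forms = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href") and self.base_href is None:
            self.base_href = attrs["href"]  # <base> changes how relative actions resolve
        elif tag == "form":
            method = (attrs.get("method") or "get").lower()
            self.forms.append((attrs.get("action") or "", method))

def audit_form_targets(page_url, html):
    """Return one dict per form: resolved target and whether it leaves the page's host."""
    parser = FormActionParser()
    parser.feed(html)
    base = urljoin(page_url, parser.base_href) if parser.base_href else page_url
    page_host = (urlsplit(page_url).hostname or "").lower()
    report = []
    for action, method in parser.forms:
        target = urljoin(base, action)  # an empty action resolves to the page itself
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
        report.append({
            "method": method,
            "target": target,
            "off_site": host != page_host,           # data is posted to another host
            "cleartext": parts.scheme != "https",    # readable by a passive sniffer
        })
    return report

# Constructed sample page using the thread's placeholder hosts.
SAMPLE_URL = "http://www.aaa.com/feedback.html"
SAMPLE_HTML = """
<form method="POST" action="http://xxx.bbb.com/some.cgi">
  <input name="email"><input type="submit">
</form>
<form action="/cgi-bin/search"><input name="q"></form>
"""

if __name__ == "__main__":
    for row in audit_form_targets(SAMPLE_URL, SAMPLE_HTML):
        print(row)
```

An off-site target is not proof of tampering, as the replies note; it identifies which host's CGI program has to be inspected.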
participants (4): Alan Olsen, Brian Durham, dlv@bwalk.dm.com, Thomas Porter