Fixing Movable Type spam vulnerability

By François Nonnenmacher on November 26, 2003 11:57 PM | | TrackBacks (0)

Ben Trott has posted a note and a fix to the Movable Type spam vulnerability. This should reduce the incentive a lot, however, as Ben points out, all "email this to a friend" programs are vulnerable to being used by spammers, because they allow the user to specify a To: address and a message body. One thing though, even if you are not using this feature on your MT weblog, you should still patch or, better, remove the mt-send-entry.cgi script.

Categories:

0 TrackBacks

Listed below are links to blogs that reference this entry: Fixing Movable Type spam vulnerability.

TrackBack URL for this entry: http://padawan.info/cgi-bin/mt/mt-trckbck.cgi/599

About this Entry

This page contains a single entry by François Nonnenmacher published on November 26, 2003 11:57 PM.

MT send entry security hole was the previous entry in this blog.

You've got jail! is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Powered by Movable Type 4.01

Search