[OT]Fake emails being as "failure to deliver"
Eli
yellowdog-general@lists.terrasoftsolutions.com
Wed Jun 9 23:07:01 2004
On Wed, 2004-06-09 at 14:21, Norberto Quintanar wrote:
> If you get an email message similiar to the one below don't click on
> it. It's part of a malicious spammers idea to infect your computer
> and get your password. It exploits a flaw/ bug in php. The PHP-Nuke
> contains an exploitable SQL injection vulnerability that can be used
> by attackers to cause the system to execute arbitrary SQL statements.
so if i'm reading my email from my freebsd _workstation_, and happened
to be using konqueror or evolution, and i foolishly click on the link -
what will happen?
is this thing going to try and execute arbitrary sql queries using php
on my local workstation (freebsd)?
i'm not running mysql or postgressql on my workstation. is the php
script even going to get executed for that matter? what browsers are
vulnerable, i wonder. (do they all execute php the same way?)
what specific situation is this really exploiting? someone who is
surfing the web from their server?
just wondering.
e