[OT]Fake emails being as "failure to deliver"

J.T.Blaylock yellowdog-general@lists.terrasoftsolutions.com
Tue Jun 15 20:29:37 2004 

Well, the way I understand it is that the exploit targets PHP running  
on your workstation. I don't think it involves the mail server. I know  
I said PHP is server side, but a better way to phrase it would be that  
PHP code is executed by the PHP uhhh... interpreter, I think, on a  
machine. Lots of people have PHP running on their machines. My point  
was that the browser does not execute PHP, so the exploit will work the  
same regardless of the client you use.

J.T.
On Jun 10, 2004, at 6:27 AM, Eli Cantu wrote:

> so are you saying that by checking my email from any workstation using  
> any
> client (browser or dedicated imap/pop), because "they will all do the  
> same
> thing", that this exploit will hit the connected smtp smtp/pop/imap  
> server?
>
> e
>
> (switching to top posting now, cause some ppl have a problem following  
> trends)
>
>
>
>
> Quoting "J.T.Blaylock" <jblaylock@mymacmail.com>:
>
>> PHP is server side. It has nothing to do with browsers, so they will
>> all do the same thing.
>>
>> J.T.
>> On Jun 9, 2004, at 10:06 PM, Eli wrote:
>>
>>>
>>> On Wed, 2004-06-09 at 14:21, Norberto Quintanar wrote:
>>>> If you get an email message similiar to the one below don't click on
>>>> it.  It's part of a malicious spammers idea to infect your computer
>>>> and get your password.  It exploits a flaw/ bug in php.  The  
>>>> PHP-Nuke
>>>> contains an exploitable SQL injection vulnerability that can be used
>>>> by attackers to cause the system to execute arbitrary SQL  
>>>> statements.
>>>
>>> so if i'm reading my email from my freebsd _workstation_, and  
>>> happened
>>> to be using konqueror or evolution, and i foolishly click on the  
>>> link -
>>> what will happen?
>>>
>>> is this thing going to try and execute arbitrary sql queries using  
>>> php
>>> on my local workstation (freebsd)?
>>>
>>> i'm not running mysql or postgressql on my workstation. is the php
>>> script even going to get executed for that matter? what browsers are
>>> vulnerable, i wonder. (do they all execute php the same way?)
>>>
>>> what specific situation is this really exploiting? someone who is
>>> surfing the web from their server?
>>>
>>> just wondering.
>>>
>>> e
>>>
>>> _______________________________________________
>>> yellowdog-general mailing list
>>> yellowdog-general@lists.terrasoftsolutions.com
>>> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog- 
>>> general
>>> HINT: to Google archives, try  '<keywords>  
>>> site:terrasoftsolutions.com'
>>
>> _______________________________________________
>> yellowdog-general mailing list
>> yellowdog-general@lists.terrasoftsolutions.com
>> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
>> HINT: to Google archives, try  '<keywords>  
>> site:terrasoftsolutions.com'
>>
>
>
>
>
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
>
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general@lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> HINT: to Google archives, try  '<keywords> site:terrasoftsolutions.com'