J
John W. Long
We are using the following code to send email messages from an online form
on our web site:
Net::SMTP.start('localhost', 25) {|smtp|
smtp.sendmail(message, @from, @to)
}
The values of @from and @to are taken directly from their cgi.params values
with basically no modification. Is it possible for someone to exploite this
as a security vulnerability? Could someone use it to send email to multiple
addresses?
on our web site:
Net::SMTP.start('localhost', 25) {|smtp|
smtp.sendmail(message, @from, @to)
}
The values of @from and @to are taken directly from their cgi.params values
with basically no modification. Is it possible for someone to exploite this
as a security vulnerability? Could someone use it to send email to multiple
addresses?