More information about the Underscore mailing list

[_] header injection attack

Jack Rose jacklists at googlemail.com
Wed Nov 12 15:56:56 GMT 2008

I notice that the site is hosted with Servage - I've had the same
thing happen with sites hosted on 3 different accounts with them and
spoken to a few other people that have had similar problems with sites
hosted by Servage.

A quick google search came up with a load of people complaining about
similar problems including this thread on sitepoint
http://www.sitepoint.com/forums/showthread.php?t=557788

I changed hosts and I'd recommend doing the same.



On Wed, Nov 12, 2008 at 11:45 AM, s'unya <sunya.dickman at gmail.com> wrote:
> Apologies if this mail did go through earlier - I had imap controls on in
> gmail and had a queer response from the mailman.
>
> I just noticed that one of the sites I built a while back has had what I
> think is a header injection (www.green-skills.co.uk - view bottom of
> source). I can't work out where it is happening, does anyone have any tips
> on how to analyse where the vulnerability is?
>
> Help much appreciated.
>
> --
>                     o
>           o                 o
>               O   O   O
>     o  o   O s´unya O   o  o
> --
> underscore_ list info/archive -> http://www.under-score.org.uk/mailman/listinfo/underscore
>