tronza87 (November 30, 1999 at 12:00 am)

What this has to do with "hacking"?

suttercain (November 30, 1999 at 12:00 am)

This is so bad. You assume the "hacker" already has access to the FTP site to obtain the PHP file. If that's the case the rest of your script is poor at best.

ZeroMOA4 (November 30, 1999 at 12:00 am)

I have to agree, php is a server-side language, so hacking with it is not very practical. I prefer Javascript and Perl for hacking.

gamingmaster14 (November 30, 1999 at 12:00 am)

LOL! those are the most newbest ways to hack.

magnum789 (November 30, 1999 at 12:00 am)

lol yeah:p

AssShow (November 30, 1999 at 12:00 am)

html+php ownz

StrikeMike2k (November 30, 1999 at 12:00 am)

This guy is funny... Did he say "input type=dropdown" at 12:51? HAHA funny. select tag would be a better way of saying it.

pimpjongen (November 30, 1999 at 12:00 am)

This works is because of 2, bad practice, loops:while(list($key, $val) = each($_GET)) { $GLOBALS[$key] = $val;same with $_POST;Both the variables in GET and POST are written into the GLOBAL scope, thus overwriting the initialized $MailToAddress and $MailSubject.So for this exploit POST/GET doesn't matter. PHP5 is vulnerable as well. Even register_globals off won't help.Script google: PHP formmail + "asking for a name"Now why didn't the hacker explain that? I'm just a developer...

jessehanson1981 (November 30, 1999 at 12:00 am)

"we can spoof the subject of the email", "inject into the web page" classic .. is this video directed towards noobs or programmers? you realize the web page is your browser don't you..

djshaunp (November 30, 1999 at 12:00 am)

You sir are a uber dip shit deluxe. Plenty of people use or used this script, that's why it had a large rating on hotscripts[dot]com. Next time, save yourself from looking like a total retard, and do your research before you open your man hole.