http://www.perlmonks.org?node_id=306572


in reply to Vetting a CGI script

For arbitrary input, consider that you are offering to set up a spam relay:

$in{myName} = "\n.\nMAIL FROM fake\@dev.null\n"
    . "RCPT TO poor\@target.domain\n"
    . "DATA\n$spam_message_goes_here\n\.\n"
    . "MAIL FROM junk\@throwaway\nRCPT TO nobody\@nowhere\n"
    . "DATA\n\nJust junk to avoid throwing an error";

... or anything else someone might want to do with access to your SMTP server. (Moral of story: Net::SMTP ... but I assume you are doing this as justification for a rewrite anyway.)


My parents just came back from a planet where the dominant life form had no
bilateral symmetry, and all I got was this stupid F-Shirt.
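
An added example, not part of the original reply or of the script under review: one way to vet form fields before they are written into an SMTP conversation, so that embedded newlines or a lone "." cannot end the message early. The function names and the sample %in values are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: vet form fields before they reach an SMTP conversation.
use strict;
use warnings;

# Single-line fields (names, subjects, addresses) must not carry CR, LF
# or any other control character; reject rather than silently strip.
sub clean_header_field {
    my ($value, $max_len) = @_;
    $max_len ||= 200;                        # assumed limit for this example
    return unless defined $value;
    return if length($value) > $max_len;
    return if $value =~ /[\x00-\x1F\x7F]/;   # includes \r and \n
    return $value;
}

# Free-text bodies may contain newlines, so normalise line endings to CRLF
# and dot-stuff them (RFC 5321, section 4.5.2): a leading "." is doubled,
# which means a line consisting of "." can no longer terminate DATA.
sub smtp_safe_body {
    my ($text) = @_;
    my @lines = split /\r\n|\r|\n/, $text;
    s/^\./../ for @lines;
    return join("\r\n", @lines) . "\r\n";
}

# Constructed sample input, modelled on the value shown in the reply above.
my %in = (
    myName  => "\n.\nMAIL FROM fake\@dev.null\n",
    comment => "line one\n.\nMAIL FROM fake\@dev.null\nlast line",
);

my $name = clean_header_field($in{myName});
print defined $name ? "name accepted\n" : "name rejected: control characters\n";

# Show the escaped body with its CRLFs made visible.
(my $shown = smtp_safe_body($in{comment})) =~ s/\r\n/\\r\\n\n/g;
print $shown;
```

Net::SMTP's datasend applies the same dot-stuffing to the message body, but single-line fields that end up in headers still need the control-character check.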