tronza87 (December 31, 1969 at 4:59 pm)

What this has to do with "hacking"?

suttercain (December 31, 1969 at 4:59 pm)

This is so bad. You assume the "hacker" already has access to the FTP site to obtain the PHP file. If that's the case the rest of your script is poor at best.

ZeroMOA4 (December 31, 1969 at 4:59 pm)

I have to agree, php is a server-side language, so hacking with it is not very practical. I prefer Javascript and Perl for hacking.

gamingmaster14 (December 31, 1969 at 4:59 pm)

LOL! those are the most newbest ways to hack.

magnum789 (December 31, 1969 at 4:59 pm)

lol yeah:p

AssShow (December 31, 1969 at 4:59 pm)

html+php ownz

StrikeMike2k (December 31, 1969 at 4:59 pm)

This guy is funny... Did he say "input type=dropdown" at 12:51? HAHA funny. select tag would be a better way of saying it.

pimpjongen (December 31, 1969 at 4:59 pm)

This works is because of 2, bad practice, loops:while(list($key, $val) = each($_GET)) { $GLOBALS[$key] = $val;same with $_POST;Both the variables in GET and POST are written into the GLOBAL scope, thus overwriting the initialized $MailToAddress and $MailSubject.So for this exploit POST/GET doesn't matter. PHP5 is vulnerable as well. Even register_globals off won't help.Script google: PHP formmail + "asking for a name"Now why didn't the hacker explain that? I'm just a developer...

jessehanson1981 (December 31, 1969 at 4:59 pm)

"we can spoof the subject of the email", "inject into the web page" classic .. is this video directed towards noobs or programmers? you realize the web page is your browser don't you..

djshaunp (December 31, 1969 at 4:59 pm)

You sir are a uber dip shit deluxe. Plenty of people use or used this script, that's why it had a large rating on hotscripts[dot]com. Next time, save yourself from looking like a total retard, and do your research before you open your man hole.