Taginfosec

Registration Form Used To Send Spam Via Welcome Email

R

While reviewing a client site, I recently noticed a small number of accounts had registered with spurious firstName and lastName values such as: firstName:You have 5 new messages from Patty: lastName: 12 firstName:You have 5 new messages from Patty:lastName: After some digging, it appeared these customers had legitimate email addresses, however had placed no orders, nor had they interacted with...