Hi all,
I have been using the webmail helper recently but have noticed a number of "spoofed" IP's posting (testing holes?). The strange thing is I am using the anti forgery token as well as html encoding the user input but the post arrive as base64 encoded. When I submit via the site the post always come through as asci, heres the two headers from the email:
Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable
versus the tampered (???)
Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: base64
Can anyone help me with diagnosing if this is a breach of one of the back end systems or a possible vulnerability in the webmail helper?
Cheers,
Jus