We observed 15 attempts to inject mail into the web forms of one of our honeypots. The following data is an example:
Content Type: multipart/alternative; boundary=2297385eb7e8f59b2cbb787f2dbfcbc3
MIME Version: 1.0
Subject: best song which shebcc: [email protected]
This is a multi part message in MIME format.
The content is truncated to 255 characters because the honeypot is not designed to accept long strings. The actual HTML limits the text field to 60 characters, so any program submitting more than this is ignoring the limit. This means the submission is likely to be an automated attack, or at least to come from a program other than a standard web browser. The fact that the email is being mistakenly submitted to a form that asks for a command also suggests an automatic mechanism, as a human should realise that the attack will not work.
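The two indicators described above (a value longer than the form's 60-character limit, and mail headers arriving in a field that expects a command) can be checked mechanically over logged form values. The following is an added example, not code from the honeypot itself; the function name, the header list and the sample values are assumptions constructed for illustration.

```python
import re

FIELD_MAXLEN = 60    # limit the HTML form places on the text field (from the text)
LOG_TRUNCATE = 255   # length at which the honeypot truncates input (from the text)

# Header names typical of mail-injection payloads (assumed list). "[- ]" also
# matches logs in which the hyphen was lost, as in the sample shown above.
HEADER_RE = re.compile(
    r"(?i)\b(content[- ]type|mime[- ]version|subject|to|cc|bcc|from)\s*:")


def classify(value: str) -> dict:
    """Return the indicators that one logged form value exhibits."""
    headers = sorted({m.group(1).lower().replace(" ", "-")
                      for m in HEADER_RE.finditer(value)})
    findings = {
        # A browser honouring the form cannot send more than FIELD_MAXLEN chars.
        "over_form_limit": len(value) > FIELD_MAXLEN,
        # A value at the truncation length was probably longer on the wire.
        "possibly_truncated": len(value) >= LOG_TRUNCATE,
        "has_line_break": "\r" in value or "\n" in value,
        "mail_headers": headers,
    }
    # Header names alone can appear in ordinary text, so require a second signal.
    findings["likely_mail_injection"] = bool(headers) and (
        findings["over_form_limit"] or findings["has_line_break"])
    return findings


# Constructed sample values, not captured data.
CONSTRUCTED_SAMPLES = {
    "injected": ("Content-Type: multipart/alternative; boundary=CONSTRUCTED\r\n"
                 "MIME-Version: 1.0\r\nSubject: test\r\n"
                 "bcc: someone@example.invalid\r\n\r\n"
                 "This is a multi-part message in MIME format."),
    "benign_command": "ls -la",
    "long_but_plain": "a" * 100,
}

if __name__ == "__main__":
    for name, value in CONSTRUCTED_SAMPLES.items():
        print(name, classify(value))
```

A value that is only over the length limit is reported as such but not labelled mail injection, which keeps the two observations separate, as the text does.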