Max NomadI use this contact form on my website and I think I've found evidence of someone trying out some sort of a hack with it. I was looking through my logs and noticed that someone had attempted to pass a variable to one of my pages that has no parameters:
(notice the http://betube.co.uk URL after ?pid=)
and then out of curiosity I looked at the page source to see if it actually affected the form -- and I saw that it had indeed embedded itself as a parameter within the form action:
<div class="wpcf7" id="wpcf7-f3-p2025-o1"><form action="/bgp/graphic-design-portfolio/brand-identity-designs/?pid=http%3A%2F%2Fbetube.co.uk%2Fhi#wpcf7-f3-p2025-o1" method="post" class="wpcf7-form">
So, just to test it again, I turned the /hi into /hiccup , reloaded the page and the same thing happened:
<div class="wpcf7" id="wpcf7-f3-p2025-o1"><form action="/bgp/graphic-design-portfolio/brand-identity-designs/?pid=http%3A%2F%2Fbetube.co.uk%2Fhiccup#wpcf7-f3-p2025-o1" method="post" class="wpcf7-form">
Now, when I filled out the app and hit send I received the form's content with no problems but I don't know if it sent a copy of the data to that URL in the UK. I don't know how to stop this so I figured I'd alert you to it in case you weren't already aware of it.
Thanks...
