HI guys'
I want to do a pentest form my friend's website and during the Nikto scan i found this message:
FormMail could allow remote code execution  for the attacker.

I did a lot of search to find out how to exploit it but i couldnt find anything useful
however i hacked the ftp service with an awesome exploit but i want to patch this vulnerability too but firstly give me a good exploit if you have then i'll find the patch
thank you

Check this out http://www.exploit-db.com/exploits/8950/ basically it makes it easier to create form to email type sites.  One of the issues with this is that it gives a possible method of spamming the recipients of those form messages as well as allowing someone to toss in code such as SQLi into the forms.  And it is PHP based which has a slew of other security issues to worry about.

i dont know how to use it becuase its XSS can anyone help me? and MAxe if your meaning about user interaction is they can trace and find me its ok becuase as i said this site is for my friend and all of them know what im donig can anybody help me to run the exploit