WebApp Sec mailing list archives
Re: Whitepaper: SMTP Injection via recipient email addresses
From: Amit Klein <aksecurity () gmail com>
Date: Wed, 16 Dec 2015 22:28:43 +0200
Dear Takeshi Terada Thanks for sharing your paper. I'd like to draw your attention to the following: Injection into RCPT is mentioned in https://www.insomniasec.com/downloads/publications/Common_Application_Flaws.ppt (see slides 15-16) released November 2008 (see https://www.insomniasec.com/releases). The general concept of injecting into SMTP commands (in this case, into the DATA command, terminating the DATA command and escaping into SMTP scope using a single-dot line, and composing a second, new message using additional SMTP commands) is discussed e.g. here: http://www.webappsec.org/projects/articles/121106.pdf (see section 3.2), released November 2006. Best, -Amit On Wed, Dec 9, 2015 at 10:20 AM, Takeshi Terada <mbsdtest01 () gmail com> wrote:
Dear all, MBSD released a whitepaper titled "SMTP Injection via recipient email addresses." http://www.mbsd.jp/Whitepaper/smtpi.pdf The paper discusses SMTP Injection attacks via malformed recipient email addresses in some email libraries in Ruby, Java and PHP. TOC 1. Introduction 2. How the attack works 3. Vulnerability examples 3.1. Ruby's Mail 3.2. JavaMail 3.3. PHPMailer 3.4. Other platforms 4.Further attack possibility 4.1. FWS Attack 4.2. CRLF-less attack 4.3. Line-breaks for SMTP servers 5. Sender address attack 6. Conclusion Best regards, -- Takeshi Terada Mitsui Bussan Secure Directions, Inc. http://www.mbsd.jp/ This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Whitepaper: SMTP Injection via recipient email addresses Takeshi Terada (Dec 16)
- Re: Whitepaper: SMTP Injection via recipient email addresses Amit Klein (Dec 16)
- Message not available
- Re: Whitepaper: SMTP Injection via recipient email addresses Takeshi Terada (Dec 17)
- Re: Whitepaper: SMTP Injection via recipient email addresses Amit Klein (Dec 17)
- Re: Whitepaper: SMTP Injection via recipient email addresses Takeshi Terada (Dec 17)