WebApp Sec mailing list archives
Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms
From: "Maxime Ducharme" <mducharme () cybergeneration com>
Date: Thu, 24 Aug 2006 11:17:11 -0400
Hello guys,

I am looking for a solution to detect attacks on web forms which allow sending an email.

Example: contactus.asp, which contains these fields:
- From Name
- From email
- Subject
- text

We noticed that some programs used to send email do not properly filter the first 3 fields for carriage-return and line-feed chars, which allows someone to add SMTP commands in these fields and construct a valid SMTP session which this person can control.

We are currently working on filtering these fields in the applications' code, but we host many sites we do not manage.

I am looking for a way to detect these attacks with snort. Is someone aware of a rule for this kind of attack, or could help me write one?

Any other idea/suggestion is also welcome.

Thanks in advance, have a nice day

Maxime Ducharme
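The two checks the post is asking about, as an added example in Python (not code from the original post, from any of the hosted sites, or from Snort): an application-side validator that rejects header-bound fields containing CR/LF, and a detection-side scan over a raw URL-encoded POST body that reports the same condition the way a signature rule would need to express it. The field names mirror the contactus.asp form described above and are assumptions; the sample bodies are constructed, not captured traffic.

```python
"""CR/LF injection checks for mail-header-bound web form fields.

Field names (from_name, from_email, subject, text) are assumptions modelled on
the contactus.asp example in the post; the sample request bodies are constructed.
"""
import re

# Fields that end up in SMTP/mail headers: CR/LF must never appear in them.
# The free-text body ("text") may legitimately contain line breaks, so it is
# deliberately excluded from both checks.
HEADER_FIELDS = ("from_name", "from_email", "subject")

# Application side: form values arrive already URL-decoded, so look for the
# literal control characters.
_LITERAL_CRLF = re.compile(r"[\r\n]")

# Network side: browsers percent-encode line breaks (%0D%0A), but a hand-built
# request may carry raw CR/LF bytes, so a signature has to match either form.
_ENCODED_OR_RAW_CRLF = re.compile(r"%0[dD]|%0[aA]|[\r\n]")
_FIELD_RE = re.compile(r"(?:^|&)(from_name|from_email|subject)=([^&]*)")


def is_header_safe(value):
    """True when a decoded field value contains no carriage return or line feed."""
    return _LITERAL_CRLF.search(value) is None


def validate_form(fields):
    """Names of header-bound fields that contain CR/LF; an empty list means accept.

    Rejecting the request is the preferred fix: the submitter gets an error and
    nothing reaches the mailer.
    """
    return [name for name in HEADER_FIELDS
            if name in fields and not is_header_safe(fields[name])]


def strip_crlf(value):
    """Fallback filter for code that cannot reject: collapse CR/LF runs to a space."""
    return re.sub(r"[\r\n]+", " ", value)


def detect_in_body(body):
    """Header-bound fields in a raw application/x-www-form-urlencoded body that
    carry encoded or raw CR/LF. This is the condition a network rule must flag."""
    hits = []
    for match in _FIELD_RE.finditer(body):
        name, raw_value = match.group(1), match.group(2)
        if _ENCODED_OR_RAW_CRLF.search(raw_value) and name not in hits:
            hits.append(name)
    return hits


# Constructed sample bodies. The injected one carries a harmless marker header
# ("X-Injected: 1") after an encoded CR/LF in the from_name field.
BENIGN_BODY = ("from_name=Alice&from_email=alice%40example.com"
               "&subject=Hello&text=Line1%0D%0ALine2")
INJECTED_BODY = ("from_name=Alice%0D%0AX-Injected%3A+1"
                 "&from_email=alice%40example.com&subject=Hi&text=x")

if __name__ == "__main__":
    print("benign body  :", detect_in_body(BENIGN_BODY))
    print("injected body:", detect_in_body(INJECTED_BODY))
    print("app-side check:",
          validate_form({"from_name": "Alice\r\nX-Injected: 1", "subject": "Hi"}))
```

The benign body is reported clean even though its `text` field contains an encoded line break, because only the fields that feed mail headers are inspected. The network-side scan is a stopgap for the sites the poster cannot fix: it does not see inside TLS, it only understands URL-encoded bodies (not multipart forms), and other encodings of the same characters would need their own patterns, so the application-side rejection remains the real fix.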