WebApp Sec mailing list archives

Re: Whitepaper: SMTP Injection via recipient email addresses


From: Amit Klein <aksecurity () gmail com>
Date: Fri, 18 Dec 2015 07:34:39 +0200

Well done, Takeshi. And very nice research, BTW.

Best,
-Amit



On Fri, Dec 18, 2015 at 5:13 AM, Takeshi Terada <mbsdtest01 () gmail com> wrote:
Dear Amit Klein and all,

Thanks for letting me know about previous research.
I was not aware of Insomnia's paper mentioning injection to RCPT.
I added the links to the works you mentioned to the paper.
Revised version is available at the same URL:
http://www.mbsd.jp/Whitepaper/smtpi.pdf
I really appreciate your feedback.

Regards,
Takeshi Terada

2015-12-17 5:27 GMT+09:00 Amit Klein <aksecurity () gmail com>:
Dear Takeshi Terada

Thanks for sharing your paper. I'd like to draw your attention to the
following:

Injection into RCPT is mentioned in
https://www.insomniasec.com/downloads/publications/Common_Application_Flaws.ppt
(see slides 15-16) released November 2008 (see
https://www.insomniasec.com/releases).

The general concept of injecting into SMTP commands (in this case, into the
DATA command, terminating the DATA command and escaping into SMTP scope
using a single-dot line, and composing a second, new message using
additional SMTP commands) is discussed e.g. here:
http://www.webappsec.org/projects/articles/121106.pdf (see section 3.2),
released November 2006.

Best,
-Amit


On Wed, Dec 9, 2015 at 10:20 AM, Takeshi Terada <mbsdtest01 () gmail com>
wrote:

Dear all,

MBSD released a whitepaper titled "SMTP Injection via recipient email
addresses."
http://www.mbsd.jp/Whitepaper/smtpi.pdf

The paper discusses SMTP Injection attacks via malformed recipient
email addresses in some email libraries in Ruby, Java and PHP.

TOC
1. Introduction
2. How the attack works
3. Vulnerability examples
 3.1. Ruby's Mail
 3.2. JavaMail
 3.3. PHPMailer
 3.4. Other platforms
4. Further attack possibility
 4.1. FWS Attack
 4.2. CRLF-less attack
 4.3. Line-breaks for SMTP servers
5. Sender address attack
6. Conclusion

Best regards,

--
Takeshi Terada
Mitsui Bussan Secure Directions, Inc.
http://www.mbsd.jp/



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------





--
Takeshi Terada
Mitsui Bussan Secure Directions, Inc.
http://www.mbsd.jp/
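
The two injection points discussed in this thread (the recipient address placed into RCPT, and the single-dot line that ends DATA) are shown below from the sending side. This is an added Python example, not part of the original posts or the whitepaper; the function names, the conservative address allowlist and the length limit are assumptions of this example.

```python
import re

# Assumption of this example: a deliberately strict allowlist for envelope
# addresses. It refuses control characters (CR, LF, NUL), whitespace, angle
# brackets and quotes, so quoted local parts are rejected as well.
_ADDR_RE = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9.-]+")


class UnsafeAddress(ValueError):
    """Raised when an address must not be placed into an SMTP command."""


def rcpt_command(address: str) -> bytes:
    """Build the RCPT line only for addresses that cannot break out of it."""
    if not isinstance(address, str) or len(address) > 254:
        raise UnsafeAddress("address missing or too long")
    # fullmatch() instead of a '$' anchor: '$' would accept a trailing newline.
    if not _ADDR_RE.fullmatch(address):
        raise UnsafeAddress(repr(address))
    return b"RCPT TO:<" + address.encode("ascii") + b">\r\n"


def data_payload(message: str) -> bytes:
    """Encode a message for DATA so only our own final dot line ends it."""
    # Normalise CRLF, bare CR and bare LF to CRLF before looking for dots,
    # so every line the server could see is checked.
    lines = re.split(r"\r\n|\r|\n", message)
    # Dot-stuffing (RFC 5321 section 4.5.2): double a leading dot, so a line
    # consisting of "." inside the content is sent as "..".
    stuffed = ["." + line if line.startswith(".") else line for line in lines]
    body = "\r\n".join(stuffed)
    if not body.endswith("\r\n"):
        body += "\r\n"
    return body.encode("utf-8") + b".\r\n"


if __name__ == "__main__":
    # Constructed sample inputs.
    print(rcpt_command("alice@example.com"))
    print(data_payload("Hello\n.\nstill part of the same message\n"))
```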


