Web Application Security
Re: Whitepaper: SMTP Injection via recipient email addresses Dec 18 2015 03:13AM
Takeshi Terada (mbsdtest01 gmail com) (1 replies)
Re: Whitepaper: SMTP Injection via recipient email addresses Dec 18 2015 05:34AM
Amit Klein (aksecurity gmail com)
Well done, Takeshi. And very nice research, BTW.

Best,
-Amit

On Fri, Dec 18, 2015 at 5:13 AM, Takeshi Terada <mbsdtest01 (at) gmail (dot) com> wrote:
> Dear Amit Klein and all,
>
> Thanks for letting me know about previous research.
> I was not aware of Insomnia's paper mentioning injection to RCPT.
> I added the links to the works you mentioned to the paper.
> The revised version is available at the same URL:
> http://www.mbsd.jp/Whitepaper/smtpi.pdf
> I really appreciate your feedback.
>
> Regards,
> Takeshi Terada
>
> 2015-12-17 5:27 GMT+09:00 Amit Klein <aksecurity (at) gmail (dot) com>:
>> Dear Takeshi Terada
>>
>> Thanks for sharing your paper. I'd like to draw your attention to the
>> following:
>>
>> Injection into RCPT is mentioned in
>> https://www.insomniasec.com/downloads/publications/Common_Application_Flaws.ppt
>> (see slides 15-16) released November 2008 (see
>> https://www.insomniasec.com/releases).
>>
>> The general concept of injecting into SMTP commands (in this case, into the
>> DATA command, terminating the DATA command and escaping into SMTP scope
>> using a single-dot line, and composing a second, new message using
>> additional SMTP commands) is discussed e.g. here:
>> http://www.webappsec.org/projects/articles/121106.pdf (see section 3.2),
>> released November 2006.
>>
>> Best,
>> -Amit
>>
>>
>> On Wed, Dec 9, 2015 at 10:20 AM, Takeshi Terada <mbsdtest01 (at) gmail (dot) com>
>> wrote:
>>>
>>> Dear all,
>>>
>>> MBSD released a whitepaper titled "SMTP Injection via recipient email
>>> addresses."
>>> http://www.mbsd.jp/Whitepaper/smtpi.pdf
>>>
>>> The paper discusses SMTP Injection attacks via malformed recipient
>>> email addresses in some email libraries in Ruby, Java and PHP.
>>>
>>> TOC
>>> 1. Introduction
>>> 2. How the attack works
>>> 3. Vulnerability examples
>>> 3.1. Ruby's Mail
>>> 3.2. JavaMail
>>> 3.3. PHPMailer
>>> 3.4. Other platforms
>>> 4. Further attack possibility
>>> 4.1. FWS Attack
>>> 4.2. CRLF-less attack
>>> 4.3. Line-breaks for SMTP servers
>>> 5. Sender address attack
>>> 6. Conclusion
>>>
>>> Best regards,
>>>
>>> --
>>> Takeshi Terada
>>> Mitsui Bussan Secure Directions, Inc.
>>> http://www.mbsd.jp/
>>>
>>>
>>>
>>> This list is sponsored by Cenzic
>>> --------------------------------------
>>> Let Us Hack You. Before Hackers Do!
>>> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>>> Request Yours Now!
>>> http://www.cenzic.com/2009HClaunch_Securityfocus
>>> --------------------------------------
>>>
>>
>
>
>
> --
> Takeshi Terada
> Mitsui Bussan Secure Directions, Inc.
> http://www.mbsd.jp/
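
The failure mode this thread discusses (a recipient address or message body carrying its own line breaks into the SMTP dialogue), shown from the sending application's side as an added Ruby example. It is not code from the whitepaper, the libraries it covers, or either poster; the helper names, the allow-list and the sample inputs are assumptions constructed here.

```ruby
# Added example: hypothetical helpers, constructed sample inputs.
CRLF = "\r\n"

# Constructed inputs: an "address" and a body that carry their own line breaks.
BAD_ADDR = "user@example.com>\r\nRCPT TO:<other@example.net"
BAD_BODY = "hello\n.\nMAIL FROM:<x@example.com>\n"

# Weak pattern: the value is interpolated into the command unchecked.
def naive_rcpt_command(addr)
  "RCPT TO:<#{addr}>#{CRLF}"
end

# Conservative allow-list (an assumption, stricter than RFC 5321).
# \A and \z anchor the whole string; Ruby's ^ and $ anchor each line, and \Z
# tolerates a trailing newline, so neither is safe for this check.
ADDR_RE = /\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\z/

def safe_rcpt_command(addr)
  raise ArgumentError, "unsafe recipient address" unless ADDR_RE.match?(addr)
  "RCPT TO:<#{addr}>#{CRLF}"
end

# Normalize line endings, then double any leading dot (RFC 5321 section 4.5.2)
# so a lone "." in user content cannot end the DATA phase.
def dot_stuff(body)
  body.gsub(/\r\n|\r|\n/, CRLF).gsub(/^\./, "..")
end

# Lines a receiving server would parse, treating CRLF, bare CR and bare LF
# all as line breaks (the most permissive reading).
def wire_lines(wire)
  wire.split(/\r\n|\r|\n/)
end

def ends_data_early?(body)
  wire_lines(body).include?(".")
end

if __FILE__ == $PROGRAM_NAME
  p wire_lines(naive_rcpt_command(BAD_ADDR))
  p ends_data_early?(BAD_BODY), ends_data_early?(dot_stuff(BAD_BODY))
end
```

The unchecked builder turns one recipient value into two command lines, while the allow-list version raises before anything reaches the socket.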

Copyright 2010, SecurityFocus