Wednesday, June 19, 2019

SMTP Injection

Introduction



In an SMTP command injection attack, the input entered by the user is directly sent into the mail server without proper sanitation of the inputs. Thus an attacker can send SMTP commands which will be sent to the back-end mail server where it will be queried by the web-mail server and the commands will be executed.

Impact
SMTP Command Injection can be used to add unauthorized recipients and send messages without the knowledge of the authorized person. This injection can also be used to create an entirely new message where an attacker can control the headers as well. An attacker can send a large number of messages or can send phishing emails where the receiver believes that the message is being originated from a trusted source.

Where to test?
Every parameter that is passed to an email related function in an application should be tested properly. Parameters that may appear unrelated should also be tested.

 Use the following link for vulnerable SMTP Injection code written in php.

How to test?


  • Navigate to the form as shown in Exhibit 1.


Exhibit 1
  • Fill the details as shown in Exhibit 2. 
Exhibit 2
  • Intercept the request using burp suite and enter the payload in email_from as “mario%40mari0.com%0a%0dRCPT%20TO:%20testsmtp@mari0.com” and submit the request.
Exhibit 3
  • The response from the server tells the email has been sent. Check the root mail to see if the mail has been received by the owner as shown in the below exhibit.
Exhibit 4
  • Let us now look at the testsmtp mail id to see if the mail was sent to testsmtp user as well. The below exhibit shows that the mail has been sent to testsmtp@mari0.com.
Exhibit 5

Remediation
SMTP Injection could involve validating user’s input to not allow any newline characters in the input causing another SMTP header to be created. The best practice to prevent the application from SMTP Injection is to whitelist the allowed characters for use in SMTP headers. In a secure environment, if a malicious data is inserted, the response should be an error with some corresponding action telling the client that something has gone wrong.

References


https://github.com/RihaMaheshwari/SMTP-Injection
https://www.tecmint.com/setup-postfix-mail-server-in-ubuntu-debian/

Posted by at

3 comments:

  1. TOMIN PAULJuly 16, 2019 at 4:10 AM

    👍

    ReplyDelete
  2. AnonymousApril 19, 2022 at 11:29 AM

    Jagskap: Smtp Injection >>>>> Download Now

    >>>>> Download Full

    Jagskap: Smtp Injection >>>>> Download LINK

    >>>>> Download Now

    Jagskap: Smtp Injection >>>>> Download Full

    >>>>> Download LINK VP

    ReplyDelete
  3. JacobHarmanMay 12, 2023 at 1:13 AM

    This is the kind of bookkeeping programming utilized by enormous partnerships and multinationals. On top of assisting with the perplexing bookkeeping processes, endeavor bookkeeping programming frequently connect with different administrations like work process the executives and undertaking arranging.

    Regularly, when an organization commissions venture bookkeeping programming, they follow multistage conventions which might incorporate mentioning data from the bookkeeping programming improvement organization and an item exhibit>> visit the site

    ReplyDelete

Subscribe to: Post Comments (Atom)