Mail injection through WebMail applications
This article describes an attack method against Web applications that communicate with mail servers, particularly WebMail applications. Some of the applications that are vulnerable to the mail injection threat can be exploited and forced to send arbitrary commands through e-mail protocols such as IMAP and SMTP. Hopefully, this information will prove useful to auditors and mail server code developers.
The method consists in crafting special POST variable contents that trick the interface into requesting or providing certain commands or information to the MTA.
Page 1 of 4
Leave a comment
Mail Server Operating System Poll
Get IP status, owner and location, obtain its corresponding hostname or check specific ports.
Open Relay Test
Test if your mail server is an open relay for spammers.
Check if your IP is listed in DNS based email blacklists (DNSBL)