E-mail Header Injection Vulnerabilities

E-mail Header Injection vulnerability is a class of vulnerability that can occur in web applications that use user input to construct e-mail messages. E-mail Header Injection is possible when the mailing script fails to check for the presence of e-mail headers in user input (either form fields or URL parameters). The vulnerability exists in the reference implementation of the built-in mail functionality in popular languages such as PHP, Java, Python, and Ruby. With the proper injection string, this vulnerability can be exploited to inject additional headers, modify existing headers, and alter the content of the e-mail.

Chandramouli, Sai Prashanth; Zhao, Ziming; Doupé, Adam; Ahn, Gail-Joon (2017): E-mail Header Injection Vulnerabilities. it - Information Technology: Vol. 59, No. 5. DOI: 10.1515/itit-2016-0039. Berlin: De Gruyter. PISSN: 1611-2776. pp. 67. Thematic Issue: Vulnerability Analysis

Schlagwörter

E-mail Header Injection , software security

DOI

10.1515/itit-2016-0039

Sammlungen

it - Information Technology 59(2) - April 2017

Komplettanzeige

E-mail Header Injection Vulnerabilities

Volltext URI

Dokumententyp

Zusatzinformation

Datum

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Verlag

Zusammenfassung

Beschreibung

Schlagwörter

Zitierform

DOI

Tags

Sammlungen