What Is Email Header Injection?

What Is Email Header Injection?


It’s common practice for websites to implement contact forms which in-turn send emails to an intended recipient of the message by a legitimate user. Most of the time such a contact form would set SMTP headers such as From and Reply-to to make it easy for the recipient to treat communication from the contact form just like they would any other email.

Unfortunately, unless the user’s input is validated before being inserted into SMTP headers, the contact form might be vulnerable to Email Header Injection (also referred to as SMTP header injection). This is because an attacker may be able to inject additional headers into the message, thereby instructing the SMTP server to carry out different instructions than intended.


via DZone.com Feed https://dzone.com

May 12, 2017 at 06:27AM


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s