What Is Email Header Injection?
It’s common practice for websites to implement contact forms which in-turn send emails to an intended recipient of the message by a legitimate user. Most of the time such a contact form would set SMTP headers such as
Reply-to to make it easy for the recipient to treat communication from the contact form just like they would any other email.
Unfortunately, unless the user’s input is validated before being inserted into SMTP headers, the contact form might be vulnerable to Email Header Injection (also referred to as SMTP header injection). This is because an attacker may be able to inject additional headers into the message, thereby instructing the SMTP server to carry out different instructions than intended.
via DZone.com Feed https://dzone.com
May 12, 2017 at 06:27AM