On Message with Ben Gross

The MX Injection Attack

February 25th, 2007

In "MX Injection: Capturing and Exploiting Hidden Mail Servers," Vicente Aguilera Diaz of the Web Application Security Consortium describes MX Injection, an attack technique similar to SQL and XPath injection attacks.

This document presents a new attack technique against web applications that communicate with mail servers, generally webmail applications. Some of these applications are vulnerable to this new threat, which I called MX Injection due to the possibility of injecting commands from mail protocols (IMAP, SMTP). This document details the techniques and possibilities of MX Injection, as well as some countermeasures to protect against this new attack type. This document is oriented toward web developers building applications that communicate with mail servers, as well as to security professionals who audit these kinds of applications.
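As an added illustration (not code from the paper or from this post), the Python sketch below shows why a user-supplied parameter pasted into an IMAP command can carry a second command, and one way a webmail back end can refuse such input before it reaches the mail server. The function names, the address allow-list and the sample input are assumptions made for this example.

```python
import re

class UnsafeMailParameter(ValueError):
    """User input that could change the mail-protocol command stream."""

# CR and LF end an IMAP/SMTP command line; NUL is not allowed in either.
_LINE_BREAKERS = re.compile(r"[\r\n\x00]")
# Conservative allow-list for an SMTP mailbox (an assumption of this example).
_ADDR = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def naive_select(tag: str, mailbox: str) -> bytes:
    """Vulnerable pattern: the parameter is pasted into the command as-is."""
    return f"{tag} SELECT {mailbox}\r\n".encode("ascii")

def imap_quoted(value: str) -> str:
    """Encode value as an RFC 3501 quoted string, or refuse it."""
    if _LINE_BREAKERS.search(value) or not value.isascii():
        raise UnsafeMailParameter("CR, LF, NUL or non-ASCII in IMAP parameter")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def safe_select(tag: str, mailbox: str) -> bytes:
    """Hardened form: the mailbox is always sent as one quoted argument."""
    return f"{tag} SELECT {imap_quoted(mailbox)}\r\n".encode("ascii")

def safe_rcpt(address: str) -> bytes:
    """Build RCPT TO only for addresses that pass the allow-list."""
    # fullmatch, not match with "$": "$" would accept a trailing "\n".
    if not _ADDR.fullmatch(address):
        raise UnsafeMailParameter("address rejected by allow-list")
    return f"RCPT TO:<{address}>\r\n".encode("ascii")

def command_lines(wire: bytes) -> list:
    """Split wire bytes into the command lines the server would parse."""
    return [line for line in wire.split(b"\r\n") if line]

# Constructed sample input: a mailbox parameter carrying a harmless NOOP.
HOSTILE_MAILBOX = "INBOX\r\nA002 NOOP"

if __name__ == "__main__":
    print(command_lines(naive_select("A001", HOSTILE_MAILBOX)))  # two commands
    try:
        safe_select("A001", HOSTILE_MAILBOX)
    except UnsafeMailParameter as exc:
        print("rejected:", exc)
```
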


Copyright © 2008, Messaging News, Inc. All Rights Reserved.