Web application security - the fast guide 1.1 | Page 144
Chapter 7 - Attack execution (3)
7.5 Attack Mail service
[Figure: the "Contact Us" form, with the fields Sender Email, Subject and Message and the buttons Cancel and Send]
Most applications, and even the simplest websites, contain a "contact us" section.
It normally encloses a form that lets application users communicate with the site
owner by sending a simple mail message, which makes the mail service one of the
first services an attacker thinks of when looking for a way to initiate an attack.
The mail service uses SMTP (Simple Mail Transfer Protocol), which is, as its name
says, a simple protocol. That simplicity makes it very easy for an attacker to use
crafted SMTP commands by injecting them as input into the mail service the
application provides.
What makes this attack dangerous is that it can form an essential part of other
attacks: it allows spam to be sent through the victim's mail server, which is often
the first step of attacks such as session hijacking.
7.6 Header Juggling
Attack requirements:
A. The application provides a "contact us" form that asks for the user's email
address and uses it in the SMTP FROM header
B. The application uses a common method such as the mail() function to send emails
C. The application does not sanitize the form input in any way
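The three requirements above, together with the earlier point that SMTP input can be injected through a contact form, can be checked against code. The following PHP handler is an added example written for this edition, not code from the guide: the first function shows the pattern the requirements describe (the user-supplied address concatenated straight into the From header, with no validation), the second shows the hardened form a developer would deploy instead. The field names, the placeholder addresses and the function names are assumptions for illustration.

```php
<?php
// Added example (not from the guide): a contact-form mail handler in its
// vulnerable and hardened forms. Addresses ending in .invalid are placeholders.
declare(strict_types=1);

const CONTACT_RECIPIENT = 'owner@example.invalid';   // placeholder site owner address
const SITE_SENDER       = 'noreply@example.invalid'; // placeholder, site-controlled From

/**
 * A header value must be a single line. Any CR or LF in user input would end
 * the current header and let the submitter supply headers of their own
 * (for example extra recipients), which is what "header juggling" relies on.
 * preg_match() returns 1 on match, 0 on no match and false on error, so only
 * an explicit 0 is treated as safe.
 */
function isSingleHeaderLine(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

/** Strict check of the sender address: one line and syntactically valid, or null. */
function validateSenderEmail(string $raw): ?string
{
    $email = trim($raw);
    if (!isSingleHeaderLine($email)) {
        return null;
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false ? $email : null;
}

/**
 * Vulnerable form (meets requirements A, B and C above): the address typed into
 * the form is placed in the From header without any sanitization.
 */
function sendContactUnsafe(string $senderEmail, string $subject, string $message): bool
{
    $headers = 'From: ' . $senderEmail . "\r\n";
    return mail(CONTACT_RECIPIENT, $subject, $message, $headers);
}

/**
 * Hardened form: the From header is fixed and controlled by the site, the
 * user's address goes into Reply-To only after strict validation, and the
 * subject is rejected (not "cleaned") if it is not a single line.
 */
function sendContactSafe(string $senderEmail, string $subject, string $message): bool
{
    $email = validateSenderEmail($senderEmail);
    if ($email === null || !isSingleHeaderLine($subject)) {
        return false; // refuse the submission; log it for the SOC if desired
    }
    $headers = 'From: ' . SITE_SENDER . "\r\n"
             . 'Reply-To: ' . $email . "\r\n";
    return mail(CONTACT_RECIPIENT, $subject, $message, $headers);
}

// Usage (constructed input): a well-formed address is accepted, a value that
// carries a line break is refused before mail() is ever called.
var_dump(validateSenderEmail('user@example.invalid') !== null); // bool(true)
var_dump(validateSenderEmail("user@example.invalid\r\nX-Extra: 1"));  // NULL
```

Rejecting rather than stripping the line breaks is deliberate: a submission that contains them is not a typo but an injection attempt, so the handler should refuse it and record the event, which also gives the defender a clean detection signal for this attack class.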