OWASP Periodic Table of Vulnerabilities - Mail Command Injection

Mail Command Injection

Root Cause Summary

An application includes dynamic data in SMTP communications without sanitizing or encoding the data. The structure of the data changes the meaning of the mail commands or allows an attacker to inject new commands.

Browser / Standards Solution

None

Perimeter Solution

None

Generic Framework Solution

The framework should provide safe libraries for interacting with mail server systems that automatically encode and escape data, so that the data cannot alter the intended functionality.
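
An added example, not part of the original OWASP page: the root cause and the framework solution described above, shown with Python's standard email package. The addresses, the sample subject and the helper names (build_unsafe, build_safe, envelope_address, header_names) are constructed for illustration.

```python
from email.message import EmailMessage
from email.parser import Parser

# Constructed sample input: a "subject" form field carrying a line break.
CONSTRUCTED_SUBJECT = "Hello\r\nBcc: third-party@example.test"

def build_unsafe(subject, body):
    """Deliberately vulnerable: form data concatenated into the message text."""
    return ("From: webform@example.test\r\n"
            "To: support@example.test\r\n"
            f"Subject: {subject}\r\n"
            "\r\n"
            f"{body}\r\n")

def build_safe(subject, body):
    """The library owns the structure; header values with CR/LF are rejected."""
    msg = EmailMessage()
    msg["From"] = "webform@example.test"
    msg["To"] = "support@example.test"
    msg["Subject"] = subject  # ValueError on an embedded line break
    msg.set_content(body)
    return msg

def envelope_address(addr):
    """Validate a value before it is placed in MAIL FROM / RCPT TO."""
    if any(ord(c) < 0x21 or ord(c) == 0x7F or c in "<>" for c in addr):
        raise ValueError("control character, space or angle bracket in address")
    if addr.count("@") != 1:
        raise ValueError("expected exactly one '@'")
    return addr

def header_names(raw):
    """Header names as a receiving parser sees them."""
    return [name for name, _ in Parser().parsestr(raw).items()]

if __name__ == "__main__":
    print(header_names(build_unsafe("Hello", "hi")))
    print(header_names(build_unsafe(CONSTRUCTED_SUBJECT, "hi")))
    try:
        build_safe(CONSTRUCTED_SUBJECT, "hi")
    except ValueError as exc:
        print("rejected:", exc)
```

The concatenated message gains a header the application never wrote, while the library-built message refuses the same input before anything is sent.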

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

None

References

Mail Command Injection (WASC)
IMAP/SMTP Command Injection (CAPEC-183)