This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Testing for IMAP/SMTP Injection (OTG-INPVAL-011)

From OWASP
Revision as of 17:48, 1 November 2006 by Vicente.aguilera (talk | contribs) (Short Description of the Issue (Topic and Explanation))

Jump to: navigation, search

OWASP Testing Guide v2 Table of Contents

Short Description of the Issue (Topic and Explanation)

The aim of this test is to verify the capacity to inject arbitrary IMAP/SMTP commands into the mail servers with that one communicates the web application, due to input data that they have not been sanitized correctly.

This injection technique is really useful if the mail servers, which the webmail application communicates, are not directly accessible from Internet. In other cases, this technique is nonsense and results more practise do a direct connection to those servers, without using the webmail applications.

Black Box testing and example

Testing for Topic X vulnerabilities:
...
Result Expected:
...

Gray Box testing and example

Testing for Topic X vulnerabilities:
...
Result Expected:
...

References

Whitepapers
...
Tools
...

OWASP Testing Guide v2

Here is the OWASP Testing Guide v2 Table of Contents OWASP Testing Guide v2 Table of Contents 

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
Retrieved from "https://wiki.owasp.org/index.php?title=Testing_for_IMAP/SMTP_Injection_(OTG-INPVAL-011)&oldid=11360"