This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Periodic Table of Vulnerabilities - Mail Command Injection
From OWASP
Revision as of 20:57, 17 July 2013 by James Landis (talk | contribs) (Created page with "Return to Periodic Table Working View == Mail Command Injection == === Root Cause Summary === A...")
Return to Periodic Table Working View
Mail Command Injection
Root Cause Summary
An application includes dynamic data in SMTP communications without sanitizing or encoding the data. The structure of the data changes the meaning of the mail commands or allows an attacker to inject new commands.
Browser / Standards Solution
None
Perimeter Solution
None
Generic Framework Solution
The framework should provide safe libraries for interacting with mail server systems which automatically encodes and escapes data to prevent alterations to the intended functionality.
Custom Framework Solution
None
Custom Code Solution
None
Discussion / Controversy
None
References
Mail Command Injection (WASC)
IMAP/SMTP Command Injection (CAPEC-183)