E-mail Header Injection Vulnerabilities

نویسندگان

  • Sai Prashanth Chandramouli
  • Ziming Zhao
  • Adam Doupé
  • Gail-Joon Ahn
چکیده

E-mail Header Injection vulnerability is a class of vulnerability that can occur inweb applications that use user input to construct e-mailmessages. E-mail Header Injection is possiblewhen themailing script fails to check for the presence of e-mail headers in user input (either form fields or URL parameters). The vulnerability exists in the reference implementation of the built-in mail functionality in popular languages such as PHP, Java, Python, and Ruby. With the proper injection string, this vulnerability can be exploited to inject additional headers, modify existing headers, and alter the content of the e-mail.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

On automated prepared statement generation to remove SQL injection vulnerabilities

0950-5849/$ see front matter 2008 Elsevier B.V. A doi:10.1016/j.infsof.2008.08.002 * Corresponding author. Tel.: +1 919 513 4151. E-mail addresses: [email protected] ncsu.edu (L. Williams), [email protected] (T. Xie). Since 2002, over 10% of total cyber vulnerabilities were SQL injection vulnerabilities (SQLIVs). This paper presents an algorithm of prepared statement replacement for rem...

متن کامل

R Eview on Ip V 6 S Ecurity V Ulnerability I Ssues and M Itigation

One of the main purposes of Internet Protocol version 6 (IPv6) developments was to solve the IP address depletion concern due to the burgeoning growth of the Internet users. The new Internet protocol provides end-to-end communication, enhanced security and extensibility apart from the other features such as address auto-configuration or plug-and-play and faster packet processing in the routers....

متن کامل

International Journal of Advance Research and Innovation

In today‘s world the explosive growth of the Internet has brought many good things such as E-commerce-banking, E-mail, Cloud Computing. Most organizations, governments are linked to the internet in some way or the other, but the question arises ̳how safe are they‘. There is also a Dark side to all the progress such as Hack-ing, creation of Backdoors, phishing etc.This paper elucidates in brief ...

متن کامل

Technology Corner: Analysing E-mail Headers For Forensic Investigation

Electronic Mail (E-Mail), which is one of the most widely used applications of Internet, has become a global communication infrastructure service. However, security loopholes in it enable cybercriminals to misuse it by forging its headers or by sending it anonymously for illegitimate purposes, leading to e-mail forgeries. E-mail messages include transit handling envelope and trace information i...

متن کامل

Exploiting E-mail Structure to Improve Summarization

This paper presents the design and implementation of a system to summarize e-mail messages. The system exploits two aspects of e-mail, thread reply chains and commonly-found features, to generate summaries. The system uses existing software designed to summarize single text documents. Such software typically performs best on well-authored, formal documents. E-mail messages, however, are typical...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • it - Information Technology

دوره 59  شماره 

صفحات  -

تاریخ انتشار 2017