[WEB SECURITY] Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms
- From: "Maxime Ducharme" <mducharme@xxxxxxxxxxxxxxxxxxx>
- Subject: [WEB SECURITY] Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms
- Date: Thu, 24 Aug 2006 11:17:11 -0400
Hello guys,
I am looking for a solution to detect attacks
on web forms which allow sending an email.
Example:
contactus.asp, which contains these fields:
- From Name
- From email
- Subject
- text
We noticed that some programs used to send email do
not properly filter the first 3 fields for carriage-return and
line-feed chars, which allows someone to add SMTP commands
in these fields and construct a valid SMTP session which
this person can control.
We are currently working on filtering these fields in the applications'
code, but we host many sites we do not manage.
I am looking for a way to detect these attacks with snort. Is
someone aware of a rule for this kind of attack, or can someone help me write one?
Any other idea/suggestion is also welcome.
Thanks in advance
Have a nice day
Maxime Ducharme
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org
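
Added example, not part of the original post: one way to flag the condition described in the message, CR/LF characters in the single-line fields of a mail form, by inspecting URL-encoded POST bodies. The field names (from_name, from_email, subject), the keyword list and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumed names for the form's single-line inputs (From Name, From email, Subject).
SINGLE_LINE_FIELDS = {"from_name", "from_email", "subject"}
LINE_BREAK = re.compile(r"[\r\n]")
# A line break followed by a mail header name or an SMTP verb.
INJECTED = re.compile(
    r"[\r\n]\s*(?:(?:to|cc|bcc|from|subject|content-type|mime-version)\s*:"
    r"|(?:rcpt\s+to|mail\s+from)\s*:|(?:data|helo|ehlo)\b)",
    re.IGNORECASE,
)

def inspect_form_body(body):
    """Return [(field, severity)] for one application/x-www-form-urlencoded body."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name.lower() not in SINGLE_LINE_FIELDS:
            continue  # the free-text field may legitimately contain line breaks
        # parse_qsl decodes once; a second pass catches double-encoded %250D%250A
        decoded = unquote(value)
        if INJECTED.search(decoded):
            findings.append((name, "high"))
        elif LINE_BREAK.search(decoded):
            findings.append((name, "medium"))
    return findings

# Constructed sample request bodies (not taken from real traffic).
SAMPLES = {
    "benign": "from_name=Alice+Example&from_email=alice%40example.org"
              "&subject=Hello&text=line+one%0D%0Aline+two",
    "header": "from_name=Bob&from_email=bob%40example.org%0D%0ABcc%3A+list%40example.net"
              "&subject=Hi&text=x",
    "bare_lf": "from_name=Carol%0Aextra&from_email=carol%40example.org&subject=Hi&text=x",
    "double": "from_name=Dan&from_email=dan%40example.org"
              "&subject=Hi%250D%250ACc%253A+x%40example.org&text=x",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, inspect_form_body(body))
```

The check needs the decoded request body, so it has to run where POST data is visible in clear text, such as a reverse proxy or a log pipeline in front of the hosted sites.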