[ Have a look at the article:
HaHacking_Mail-Injection.pdf
/ Habr / DeteAct Blog ]
Overview |
Usage |
More on the topic
My research on E-Mail Injection vulnerabilities & samples of vulnerable applications.
[⚠️] This repository contains samples of purposefully-vulnerable applications!
These applications were developed for demonstration purposes only. Read the text of the research to better understand the underlying causes ways to exploit this kind of vulnerabilities.
– CRLF Injection (SMTP / IMAP Injection)
– Arbitrary Command Flag Injection
– Improper Input Validation
Brief overview of applications:
Environment | Technologies | Exploited vulnerabilities |
---|---|---|
NodeJS | Express smtp-client |
CRLF Injection (SMTP) |
PHP | mail() |
CRLF Injection (SMTP) Arbitrary Command Flag Injection |
Python | Flask imaplib |
CRLF Injection (IMAP) |
Python | Flask email smtplib |
Improper Input Validation |
1) Install & Configure an SMTP server (e.g: Postfix):
apt install postfix
nano /etc/postfix/main.cf
postfix start
2) Install & Configure an IMAP server (e.g: Dovecot):
apt install dovecot-imapd
nano /etc/dovecot/dovecot.conf
/etc/init.d/dovecot start
3) Set the hahacking.local
domain name in /etc/hosts
& Add users;
// *Make sure to make changes to the application in case you want to use your own domain name
nano /etc/hosts
adduser contact
...
4) Download this repository:
git clone https://github.com/qwqoro/Mail-Injection
5) Start the application by launching any of the proposed backend implementations:
cd nodejs; npm install express smtp-client; node app.js # NodeJS
cd php; php -S 127.0.0.1:80 # PHP
cd python-imap; python app.py # Python IMAP
cd python-smtp; python app.py # Python Input Validation
6) Go to http://hahacking.local/
OR http://whateveryourdomainnameis/
7) Enjoy!
-
[CRLF Injection]
[SMTP]
[IMAP]
OWASP ‟Testing for IMAP SMTP Injection”: owasp.org/...Testing_for_IMAP_SMTP_Injection -
[CRLF Injection]
[SMTP]
Invicti ‟E-Mail Injection”: invicti.com/.../email-injection -
[CRLF Injection]
[SMTP]
VK9 Security ‟SMTP Injection”: vk9-sec.com/smtp-injection-attack -
[CRLF Injection]
[SMTP]
MBSD Takeshi Terada ‟SMTP Injection via recipient email addresses”: mbsd.jp/.../smtpi.pdf -
[CRLF Injection]
[SMTP]
[IMAP]
Vicente Aguilera Díaz “MX Injection: Capturing and Exploiting Hidden Mail Servers”: webappsec.org/.../121106.pdf -
[Arbitrary Command Flag Injection]
][akep (aLLy) ‟Эксплуатируем критическую уязвимость в PHPMailer и фреймворках, которые его используют”: xakep.ru/.../phpmailer-exploit