[ Have a look at the article: HaHacking_Mail-Injection.pdf / Habr / DeteAct Blog ]
Overview |
Usage |
More on the topic
My research on E-Mail Injection vulnerabilities & samples of vulnerable applications.
[⚠️] This repository contains samples of purposefully-vulnerable applications!
These applications were developed for demonstration purposes only. Read the text of the research to better understand the underlying causes + ways to exploit this kind of vulnerabilities.
– CRLF Injection (SMTP / IMAP Injection)
– Arbitrary Command Flag Injection
– Improper Input Validation
(追記) Brief overview of applications (追記ここまで):
| Environment | Technologies | Exploited vulnerabilities |
|---|---|---|
| NodeJS NodeJS | Express + smtp-client |
CRLF Injection (SMTP) |
| NodeJS PHP | mail() |
CRLF Injection (SMTP) + Arbitrary Command Flag Injection |
| NodeJS Python | Flask + imaplib |
CRLF Injection (IMAP) |
| NodeJS Python | Flask + email + smtplib |
Improper Input Validation |
1) Install & Configure an SMTP server (e.g: Postfix):
apt install postfix nano /etc/postfix/main.cf postfix start
2) Install & Configure an IMAP server (e.g: Dovecot):
apt install dovecot-imapd nano /etc/dovecot/dovecot.conf /etc/init.d/dovecot start
3) Set the hahacking.local domain name in /etc/hosts & Add users;
// *Make sure to make changes to the application in case you want to use your own domain name
nano /etc/hosts adduser contact ...
4) Download this repository:
git clone https://github.com/qwqoro/Mail-Injection
5) Start the application by launching any of the proposed backend implementations:
cd nodejs; npm install express smtp-client; node app.js # NodeJS cd php; php -S 127.0.0.1:80 # PHP cd python-imap; python app.py # Python IMAP cd python-smtp; python app.py # Python Input Validation
6) Go to http://hahacking.local/ OR http://whateveryourdomainnameis/
7) Enjoy!
-
[CRLF Injection][SMTP][IMAP]
OWASP ‟Testing for IMAP SMTP Injection": owasp.org/...Testing_for_IMAP_SMTP_Injection -
[CRLF Injection][SMTP]
Invicti ‟E-Mail Injection": invicti.com/.../email-injection -
[CRLF Injection][SMTP]
VK9 Security ‟SMTP Injection": vk9-sec.com/smtp-injection-attack -
[CRLF Injection][SMTP]
MBSD Takeshi Terada ‟SMTP Injection via recipient email addresses": mbsd.jp/.../smtpi.pdf -
[CRLF Injection][SMTP][IMAP]
Vicente Aguilera Díaz "MX Injection: Capturing and Exploiting Hidden Mail Servers": webappsec.org/.../121106.pdf -
[Arbitrary Command Flag Injection]
][akep (aLLy) ‟Эксплуатируем критическую уязвимость в PHPMailer и фреймворках, которые его используют": xakep.ru/.../phpmailer-exploit