PHP Email Injection Example
LiquidLayer
By Ahmed Mohamed | May 9th, 2013
Source: http://resources.infosecinstitute.com/email-injection

This may have been resolved in PHP 5.3 and above ... but this is a good example of what could happen ...

Nowadays, internet usage is growing dramatically, but the vast majority of internet users don’t have a security background. Most people use the Internet to communicate with each other via email messages on a regular basis. For this reason, most webmasters allowing their customers to contact them (giving a suggestion, reporting a problem, or asking for feedback) use a contact form that will send the feedback to the webmaster’s email. Unfortunately, most web developers don’t have sufficient information about securing code, and some of them use a ready-made library or framework that suffers from many well-known vulnerabilities. These are published already and have been patched by the vendor, and their exploits are available on the internet, but most developers are too lazy to upgrade to the latest version.

Today we are going to talk about Email Injection, which an attacker could use to send out spam from your mail server using your mail form.

Email Injection

Email injection according to Wikipedia:

Email injection is a security vulnerability that can occur in Internet applications that are used to send email messages. It is the email equivalent of HTTP Header Injection. Like SQL injection attacks, this vulnerability is one of a general class of vulnerabilities that occur when one programming language is embedded within another.

When a form is added to a Web page that submits data to a Web application, a malicious user may exploit the MIME format to append additional information to the message being sent, such as a new list of recipients or a completely different message body. Because the MIME format uses a carriage return to delimit the information in a message, and only the raw message determines its eventual destination, adding carriage returns to submitted form data can allow a simple guestbook to be used to send thousands of messages at once. A malicious spammer could use this tactic to send large numbers of messages anonymously.

Email injection is a type of injection attack that hits the PHP built-in mail function. It allows the malicious attacker to inject any of the mail header fields like BCC, CC, Subject, etc., which allows the hacker to send out spam from their victims’ mail server through their victims’ contact form. For this reason, this attack is called Email Injection, or mail form spamming. This vulnerability is not limited to PHP. It can potentially affect any application that sends email messages based on input from arbitrary users. The main reason for this attack is improper user input validation, or that there is no validation and filtration at all.

How Does Email Injection Work?

Click here to view more of the story on InfoSec Institute

About the Author: Ahmed Mohamed

Ahmed Elhady Mohamed is a researcher at InfoSec Institute and an information security professional and author. He focuses mainly on the areas of exploitation, reverse engineering and web security. He's the webmaster of www.ITsec4all.com.

Liquid Layer Networks | Cloud Hosting
http://www.LiquidLayer.net
Post 1
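The header splitting described in the article quoted above, as an added example that is not part of the original post or the InfoSec Institute article: it counts the header lines an unvalidated `From:` value would produce and shows a validation step that rejects CR, LF and NUL before anything reaches `mail()`. The form field names, the `example.com` addresses and the function names are assumptions.

```php
<?php
// Added example. Form field names, example.com addresses and function
// names are assumptions, not taken from the article.

// Reject any value bound for a mail header if it contains CR, LF or NUL.
function header_safe(string $field, string $value): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException("$field contains CR, LF or NUL");
    }
    return trim($value);
}

// Build the arguments for mail() from untrusted contact-form input.
function build_contact_mail(array $form): array
{
    $name  = header_safe('name', $form['name'] ?? '');
    $email = header_safe('email', $form['email'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email is not a valid address');
    }
    // The sender is fixed; the visitor's address appears only in Reply-To.
    $headers = ['From: webmaster@example.com', "Reply-To: $email"];
    return [
        'to'      => 'webmaster@example.com',
        'subject' => 'Contact form: ' . substr($name, 0, 60),
        'body'    => (string) ($form['message'] ?? ''),
        'headers' => implode("\r\n", $headers),
    ];
}

// Constructed submissions: one ordinary, one whose email field carries a
// CRLF followed by a Bcc header (the injection the article describes).
$samples = [
    ['name' => 'Alice', 'email' => 'alice@example.com', 'message' => 'Hi'],
    ['name' => 'Alice', 'email' => "alice@example.com\r\nBcc: list@example.net", 'message' => 'Hi'],
];
foreach ($samples as $form) {
    // What an unvalidated form would pass as mail()'s additional headers:
    $naive = 'From: ' . $form['email'];
    printf("naive header lines: %d; ", count(preg_split('/\r\n|\r|\n/', $naive)));
    try {
        $mail = build_contact_mail($form);
        echo "accepted, headers:\n{$mail['headers']}\n";
        // mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The message body is left unrestricted because line breaks are legitimate there; only values that end up in header lines are checked.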
LiquidLayer
* More info and example of SQL Injection
Source: http://www.programmerinterview.com/index.php/database-sql/sql-injection-example/

Provide an example of SQL Injection

A SQL injection attack is exactly what the name suggests – it is where a hacker tries to “inject” his harmful/malicious SQL code into someone else’s database, and force that database to run his SQL. This could potentially ruin their database tables, and even extract valuable or private information from their database tables. The idea behind SQL injection is to have the application under attack run SQL that it was never supposed to run. How do hackers do this? As always, it’s best to show this with examples that will act as a tutorial on SQL injection.

SQL Injection Example

In this tutorial on SQL injection, we present a few different examples of SQL injection attacks, along with how those attacks can be prevented. SQL injection attacks typically start with a hacker inputting his or her harmful/malicious code in a specific form field on a website. A website ‘form’, if you don’t already know, is something you have definitely used – like when you log into Facebook you are using a form to log in, and a form input field can be any field on a form that asks for your information – whether it’s an email address or a password, these are all form fields.

For our example of SQL injection, we will use a hypothetical form which many people have probably dealt with before: the “email me my password” form, which many websites have in case one of their users forgets their password.

The way a typical “email me my password” form works is this: it takes the email address as an input from the user, and then the application does a search in the database for that email address. If the application does not find anything in the database for that particular email address, then it simply does not send out an email with a new password to anyone. However, if the application does successfully find that email address in its database, then it will send out an email to that email address with a new password, or whatever information is required to reset the password.

But, since we are talking about SQL injection, what would happen if a hacker was not trying to input a valid email address, but instead some harmful SQL code that he wants to run on someone else’s database to steal their information or ruin their data? Well, let’s explore that with an example, starting from how a hacker would typically get started in order to figure out how a system works.

Starting the SQL Injection Process

The SQL that would retrieve the email address in the “email me my password” form would typically look something like this – keep in mind that this SQL really is embedded within a scripting language like PHP (it depends on what scripting language is being used by the application):

Click here for more on this story via ProgrammerInterview.com

Liquid Layer Networks | Cloud Hosting
http://www.LiquidLayer.net
Post 2
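The lookup step the quoted tutorial describes for the “email me my password” form, as an added example that is not part of the original post or the ProgrammerInterview.com article: the same search written with string concatenation and with a bound parameter, run over constructed inputs. The `members` table, the function names and the addresses are hypothetical, and the code assumes PHP with the `pdo_sqlite` extension.

```php
<?php
// Added example. The table `members`, its `email` column and all addresses
// are hypothetical; the page does not show the real schema or query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (email TEXT PRIMARY KEY)');
$db->exec("INSERT INTO members VALUES ('bob@example.com'), ('pat.o''neil@example.com')");

// Unsafe pattern: the form value is pasted into the SQL text, so a quote
// character in the value is parsed as SQL syntax instead of as data.
function lookup_concatenated(PDO $db, string $email): ?string
{
    $sql = "SELECT email FROM members WHERE email = '$email'";
    $found = $db->query($sql)->fetchColumn();
    return $found === false ? null : $found;
}

// Safe pattern: the SQL text is fixed and the value travels as a bound parameter.
function lookup_prepared(PDO $db, string $email): ?string
{
    $stmt = $db->prepare('SELECT email FROM members WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $found = $stmt->fetchColumn();
    return $found === false ? null : $found;
}

// Constructed inputs: a known address, an unknown one, and a legitimate
// address containing an apostrophe.
foreach (['bob@example.com', 'nobody@example.com', "pat.o'neil@example.com"] as $input) {
    foreach (['lookup_concatenated', 'lookup_prepared'] as $fn) {
        try {
            $hit = $fn($db, $input);
            $result = $hit === null ? 'no match, no email sent' : "would send reset mail to $hit";
        } catch (PDOException $e) {
            $result = 'SQL error: input changed the query structure';
        }
        printf("%-20s %-24s %s\n", $fn, $input, $result);
    }
}
```

The apostrophe in an ordinary address is enough to break the concatenated query, which is the signal that form input is being interpreted as SQL; the prepared statement treats the same value purely as data.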