[prev in list] [next in list] [prev in thread] [next in thread]
List: webappsec
Subject: Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms
From: "Maxime Ducharme" <mducharme () cybergeneration ! com>
Date: 2006-08-24 15:17:11
Message-ID: 20060824151232.2319.qmail () mail ! securityfocus ! com
[Download RAW message or body]
Hello guys,
I am looking for a solution to detect attacks
to web forms which allows to send an email.
Example :
contactus.asp which contains these fields :
- From Name
- From email
- Subject
- text
We noticed that some programs used to send email does
not properly filter the 3 first fields for carriage-return and
line-feed chars, which allows someone to add SMTP commands
in these fileds and constuct a valid SMTP session which
this person can control.
We are currently working at filtering these fileds in the applications
code, but we host many sites we do not manage.
I am looking for a way to detect these attacks with snort, is
someone aware of a rule for this kind of attack, or may help me wrtiing one
?
Any other idea/suggestion is also welcome
Thanks in advance
Have a nice day
Maxime Ducharme
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire was recently named the worldwide market leader in Web
application security assessment tools by both Gartner and IDC.
Download a free trial of AppScan today and see why more customers choose
AppScan then any other solution. Try it today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic