Abstract

E-mail Header Injection vulnerability is a class of vulnerability that can occur in web applications that use user input to construct e-mail messages. E-mail Header Injection is possible when the mailing script fails to check for the presence of e-mail headers in user input (either form fields or URL parameters). The vulnerability exists in the reference implementation of the built-in mail functionality in popular languages such as PHP, Java, Python, and Ruby. With the proper injection string, this vulnerability can be exploited to inject additional headers, modify existing headers, and alter the content of the e-mail.

Original languageEnglish (US)
Pages (from-to)67
Number of pages1
JournalIT - Information Technology
Volume59
Issue number2
DOIs
StatePublished - Apr 20 2017

Keywords

  • E-mail Header Injection
  • Software security

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint

Dive into the research topics of 'E-mail header injection vulnerabilities'. Together they form a unique fingerprint.

Cite this