TY - JOUR
T1 - E-mail header injection vulnerabilities
AU - Chandramouli, Sai Prashanth
AU - Zhao, Ziming
AU - Doupé, Adam
AU - Ahn, Gail Joon
N1 - Publisher Copyright:
© 2017 De Gruyter Oldenbourg. All rights reserved.
PY - 2017/4/20
Y1 - 2017/4/20
N2 - E-mail Header Injection vulnerability is a class of vulnerability that can occur in web applications that use user input to construct e-mail messages. E-mail Header Injection is possible when the mailing script fails to check for the presence of e-mail headers in user input (either form fields or URL parameters). The vulnerability exists in the reference implementation of the built-in mail functionality in popular languages such as PHP, Java, Python, and Ruby. With the proper injection string, this vulnerability can be exploited to inject additional headers, modify existing headers, and alter the content of the e-mail.
AB - E-mail Header Injection vulnerability is a class of vulnerability that can occur in web applications that use user input to construct e-mail messages. E-mail Header Injection is possible when the mailing script fails to check for the presence of e-mail headers in user input (either form fields or URL parameters). The vulnerability exists in the reference implementation of the built-in mail functionality in popular languages such as PHP, Java, Python, and Ruby. With the proper injection string, this vulnerability can be exploited to inject additional headers, modify existing headers, and alter the content of the e-mail.
KW - E-mail Header Injection
KW - Software security
UR - http://www.scopus.com/inward/record.url?scp=85050545800&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85050545800&partnerID=8YFLogxK
U2 - 10.1515/itit-2016-0039
DO - 10.1515/itit-2016-0039
M3 - Article
AN - SCOPUS:85050545800
SN - 1611-2776
VL - 59
SP - 67
JO - IT - Information Technology
JF - IT - Information Technology
IS - 2
ER -