Network Security: Detailed info on RE: WASC-Announcement: MX Injection

Subject:	RE: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz
Date:	Sat, 16 Dec 2006 23:43:23 +0200

Hi,

Quite similar to NGSSoftware's email spoofing using CDONTS.Newmail paper
published almost 5 years ago:
http://www.nextgenss.com/papers/aspmail.pdf

Regards,
Eyal Udassin - Swift Coders
POB 1596, Ramat Hasharon, Israel
eyal@swiftcoders.com / www.swiftcoders.com
+972-547-684989

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of robert@webappsec.org
Sent: Monday, December 11, 2006 5:55 PM
To: pen-test@securityfocus.com
Subject: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden
Mail Servers By Vicente Aguilera Diaz

The Web Application Security Consortium is proud to present 'MX Injection:
Capturing and Exploiting Hidden Mail Servers' written by Vicente Aguilera
Diaz of Internet Security Auditors. In this article Vicente discusses how an
attacker can inject additional commands into an online web mail application
communicating with an IMAP/SMTP server. 


This document can be found at http://www.webappsec.org/projects/articles/ .

Regards,

- Robert Auger

articles_at_webappsec.org
http://www.webappsec.org

----------------------------------------------------------------------------
--------
Are you interested in writing a 'Guest Article' for the WASC? Additional
information on article guidelines may be found at
http://www.webappsec.org/articles/. Inquires can be sent to
articles_at_webappsec.org

"Contributed articles may include industry best practices, technical
information about current issues, innovative defense techniques, etc. NO
VENDOR PITCHES OR MARKETING GIMMICKS PLEASE. We are only soliciting concrete
information from the experts on the front lines of the web application
security field."
<a href="http://www.webappsec.org";>http://www.webappsec.org</a>
----------------------------------------------------------------------------
--------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz, robert RES: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz, Marcelo Leão Caffaro Re: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz, Thiago Zaninotti Re: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz, Joseph McCray RE: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz, Eyal Udassin <=

Previous by Date:	Re: Pen-testing - pricing model, Davide Carnevali
Next by Date:	Re: Gain root access on linux servers with physical access, Jordan Wiens
Previous by Thread:	Re: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz, Joseph McCray
Next by Thread:	WASC Articles Project - Call for Participants, robert
Indexes:	[Date] [Thread] [Top] [All Lists]

RE: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Ma