Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Problem about detecting "SMTP command injection", i.e. cr lf chars in we

from [Maxime Ducharme] Network Security [Permanent Link]
Subject: Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms
Date: Thu, 24 Aug 2006 11:17:11 -0400 

Hello guys,
        I am looking for a solution to detect attacks
to web forms which allows to send an email.

Example :
contactus.asp which contains these fields :

- From Name
- From email
- Subject
- text

We noticed that some programs used to send email does
not properly filter the 3 first fields for carriage-return and
line-feed chars, which allows someone to add SMTP commands
in these fileds and constuct a valid SMTP session which
this person can control.

We are currently working at filtering these fileds in the applications
code, but we host many sites we do not manage.

I am looking for a way to detect these attacks with snort, is
someone aware of a rule for this kind of attack, or may help me wrtiing one
?

Any other idea/suggestion is also welcome

Thanks in advance

Have a nice day
 
Maxime Ducharme



-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web 
application security assessment tools by both Gartner and IDC. 
Download a free trial of AppScan today and see why more customers choose 
AppScan then any other solution. Try it today!
  
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms, Maxime Ducharme <=
Previous by Date:  RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan
Next by Date:  Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, René Palige
Previous by Thread:  RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Joseph Peloquin
Next by Thread:  Hacme Casino v1.0, alex.smolen
Indexes:  [Date] [Thread] [Top] [All Lists]