|Join hundreds of InfoSec professionals at our upcoming |
[Global AppSec Amsterdam, September 23-27]
OWASP Periodic Table of Vulnerabilities - Mail Command Injection
Mail Command Injection
Root Cause Summary
An application includes dynamic data in SMTP communications without sanitizing or encoding the data. The structure of the data changes the meaning of the mail commands or allows an attacker to inject new commands.
Browser / Standards Solution
Generic Framework Solution
The framework should provide safe libraries for interacting with mail server systems which automatically encodes and escapes data to prevent alterations to the intended functionality.
Custom Framework Solution
Custom Code Solution
Discussion / Controversy