RE: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz

From: Eyal Udassin (eyal@swiftcoders.com)
Date: Sat Dec 16 2006 - 16:43:23 EST

• Next message: Jordan Wiens: "Re: Gain root access on linux servers with physical access"
• Previous message: Davide Carnevali: "Re: Pen-testing - pricing model"
• In reply to: robert@webappsec.org: "WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Quite similar to NGSSoftware's email spoofing using CDONTS.Newmail paper
published almost 5 years ago:
http://www.nextgenss.com/papers/aspmail.pdf

Regards,
Eyal Udassin - Swift Coders
POB 1596, Ramat Hasharon, Israel
eyal@swiftcoders.com / www.swiftcoders.com
+972-547-684989

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of robert@webappsec.org
Sent: Monday, December 11, 2006 5:55 PM
To: pen-test@securityfocus.com
Subject: WASC-Announcement: MX Injection - Capturing and Exploiting Hidden
Mail Servers By Vicente Aguilera Diaz

The Web Application Security Consortium is proud to present 'MX Injection:
Capturing and Exploiting Hidden Mail Servers' written by Vicente Aguilera
Diaz of Internet Security Auditors. In this article Vicente discusses how an
attacker can inject additional commands into an online web mail application
communicating with an IMAP/SMTP server.

This document can be found at http://www.webappsec.org/projects/articles/ .

Regards,

- Robert Auger

articles_at_webappsec.org
http://www.webappsec.org

----------------------------------------------------------------------------
--------
Are you interested in writing a 'Guest Article' for the WASC? Additional
information on article guidelines may be found at
http://www.webappsec.org/articles/. Inquires can be sent to
articles_at_webappsec.org

"Contributed articles may include industry best practices, technical
information about current issues, innovative defense techniques, etc. NO
VENDOR PITCHES OR MARKETING GIMMICKS PLEASE. We are only soliciting concrete
information from the experts on the front lines of the web application
security field."
<a href="http://www.webappsec.org">http://www.webappsec.org>
----------------------------------------------------------------------------
--------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Jordan Wiens: "Re: Gain root access on linux servers with physical access"
• Previous message: Davide Carnevali: "Re: Pen-testing - pricing model"
• In reply to: robert@webappsec.org: "WASC-Announcement: MX Injection - Capturing and Exploiting Hidden Mail Servers By Vicente Aguilera Diaz"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:27 EDT