CAPEC-134: Email Injection

Standard Draft Severity: Medium

CAPEC Version: 3.9

Last Updated: 2023-01-24

Attack Pattern Description

An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol.

Prerequisites

  • The target application must allow the user to send email to some recipient, to specify the content of at least one header field in the message, and must fail to sanitize against the injection of command separators.
  • The adversary must have the ability to access the target mail application.
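
The sanitization whose absence the first prerequisite describes can be sketched as follows. This is an added example, not part of the CAPEC entry: the function names, the fixed addresses and the sample inputs are constructed for illustration, and it assumes a contact form where only the reply address and subject are user-controlled.

```python
import re
from email.message import EmailMessage

# CR and LF end a header field; reject them and the other ASCII control characters
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

class HeaderInjectionError(ValueError):
    """Raised when user input destined for a header contains a delimiter."""

def safe_header_value(field, value):
    """Return value unchanged, or raise if it could start a new header line."""
    match = CONTROL_CHARS.search(value)
    if match:
        raise HeaderInjectionError(
            f"{field}: control character {match.group()!r} at offset {match.start()}")
    return value

def build_contact_mail(reply_to, subject, body):
    """Build a contact-form message; only reply_to and subject reach headers."""
    msg = EmailMessage()
    msg["From"] = "webform@example.org"      # fixed by the application (hypothetical)
    msg["To"] = "support@example.org"        # fixed, never taken from the request
    msg["Reply-To"] = safe_header_value("Reply-To", reply_to)
    msg["Subject"] = safe_header_value("Subject", subject)
    msg.set_content(body)                    # body may legitimately span lines
    return msg

def try_build(reply_to, subject, body):
    """Return (message, None) on success or (None, reason) on rejection."""
    try:
        return build_contact_mail(reply_to, subject, body), None
    except HeaderInjectionError as exc:
        return None, str(exc)

if __name__ == "__main__":
    samples = [  # constructed inputs
        ("alice@example.com", "Question about my order", "Hello,\nwhere is it?"),
        ("alice@example.com", "Hi\r\nBcc: other@example.net", "text"),
        ("alice@example.com\n", "Trailing newline in address", "text"),
    ]
    for reply_to, subject, body in samples:
        msg, reason = try_build(reply_to, subject, body)
        print("accepted" if msg else f"rejected ({reason})")
```

The check runs on every user-supplied header value before it is assigned, and the rejection reason names the field and offset so it can be logged for detection.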

Resources Required

  • None: No specialized resources are required to execute this type of attack.

Taxonomy Mappings

Taxonomy Name | Entry ID | Entry Name
WASC | 30 | Mail Command Injection

Key Information

CAPEC ID: CAPEC-134

Abstraction: Standard

Status: Draft

Typical Severity: Medium

Related Attack Patterns
Related CWE Weaknesses