Is there any injection vulnerability in the body of an email?


Question

AFAIK there is only a vulnerability within the HEADERS of an email when using user data, correct?

I am using the below function to sanitize my data, however I have some textarea fields on the page & hence these may contain line breaks... so I was wondering if that user data is only going to be put in the body of the email, can it not bother with being sanitized - apart from stripping html of course?

Here is the function:

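function is_injected($str) {
    // Raw and URL-encoded line-break, tab and control characters
    // that could be used to inject extra header lines.
    $injections = array('(\n+)',
    '(\r+)',
    '(\t+)',
    '(%0A+)',
    '(%0D+)',
    '(%08+)',
    '(%09+)'
    );

    // Combine the patterns into one case-insensitive alternation.
    $inject = join('|', $injections);
    $inject = "/$inject/i";

    // preg_match() returns 1 on a match and 0 otherwise.
    return preg_match($inject, $str) === 1;
}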

As a side note, surprised there wasn't currently a tag for mail-injection / email-injection.

Recommended answer

There's a possible injection in the body text if you're speaking native SMTP to the mail server.

A single . on its own terminates the current body in SMTP, so in theory you could have user supplied input like this:

some body text
.
MAIL FROM: <...>
RCPT TO: <...>
DATA
Subject: here's some spam

here's a new body

and the SMTP server might allow the second message through.

Some SMTP servers can be configured to prevent this by not allowing SMTP commands to be pipelined (i.e. requiring the client to read the response before permitting the next command).
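
On the client side, the standard protection for the case described in the answer is dot-stuffing (RFC 5321, section 4.5.2): a line of body text that starts with "." gets a second "." before it is sent. The following is an added example, not code from the question or the answer; the function names `smtp_encode_body` and `smtp_split_data` are hypothetical, and the input is the textarea content quoted in the answer.

```php
<?php
// Added example, not from the original post; function names are hypothetical.

// Encode text for the SMTP DATA phase (RFC 5321 section 4.5.2): force CRLF
// line endings, double a leading "." on every line, append the terminator.
function smtp_encode_body(string $body): string
{
    $lines = preg_split('/\r\n|\r|\n/', $body);
    foreach ($lines as $i => $line) {
        if ($line !== '' && $line[0] === '.') {
            $lines[$i] = '.' . $line;   // "." becomes "..", never a lone dot
        }
    }
    return implode("\r\n", $lines) . "\r\n.\r\n";
}

// Receiver's view of the byte stream: the message ends at the first
// <CRLF>.<CRLF>; whatever follows is parsed as further SMTP commands.
function smtp_split_data(string $stream): array
{
    $end = strpos("\r\n" . $stream, "\r\n.\r\n");
    if ($end === false) {
        return ['message' => $stream, 'leftover' => ''];
    }
    return [
        'message'  => substr($stream, 0, $end),
        'leftover' => substr($stream, $end + 3),
    ];
}

// Constructed input: the textarea content from the answer above.
$input = "some body text\n.\nMAIL FROM: <...>\nRCPT TO: <...>\nDATA\n"
       . "Subject: here's some spam\n\nhere's a new body";

// Unsafe: line endings fixed, but the lone "." is sent unchanged.
$naive = str_replace("\n", "\r\n", $input) . "\r\n.\r\n";
$seen  = smtp_split_data($naive);
echo "naive leftover:   ", json_encode($seen['leftover']), "\n";

// Safe: after dot-stuffing only the real terminator ends the message.
$seen = smtp_split_data(smtp_encode_body($input));
echo "encoded leftover: ", json_encode($seen['leftover']), "\n";
```

With the naive encoding the leftover begins with the `MAIL FROM` line; with dot-stuffing it is empty, and the receiving server strips the extra dot so the recipient sees the text as typed.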
