| 翻訳と辞書 |
| Email injection : ウィキペディア英語版 |
Email injection
Email injection is a security vulnerability that can occur in Internet applications that are used to send email messages. It is the email equivalent of HTTP Header Injection. Like SQL injection attacks, this vulnerability is one of a general class of vulnerabilities that occur when one programming language is embedded within another.
When a form is added to a Web page that submits data to a Web application, a malicious user may exploit the MIME format to append additional information to the message being sent, such as a new list of recipients or a completely different message body. Because the MIME format uses a carriage return to delimit the information in a message, and only the raw message determines its eventual destination, adding carriage returns to submitted form data can allow a simple guestbook to be used to send thousands of messages at once. A malicious spammer could use this tactic to send large numbers of messages anonymously.〔
More information on this topic, including examples and ways to avoid the vulnerability, can be found at the (SecurePHP Wiki ).
However, this vulnerability is not limited to PHP; it can potentially affect ''any'' application that sends email messages based on input from arbitrary users.
==References==
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』
■ウィキペディアで「Email injection」の詳細全文を読む
スポンサード リンク
| 翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|