Email Header Manipulation Vulnerability

What is Email Header Manipulation Vulnerability ?

 Email Header Manipulation Vulnerability is a bug in which attacker can inject new and Desired header to The SMPT Conversation:

Let's Take an Example:

Consider the form  which allows users to send feedback about the application

Here, users can specify a From address and the contents of the message. The application passes this input to the PHP mail() command, which constructs the e-mail and performs the necessary SMTP conversation with its confi gured mail server. The mail generated is as follows:

To: admin@wahh-app.com 

From: marcus@wahh-mail.com 

Subject: Site problem 

Confirm Order page doesn’t load

The PHP mail() command uses an additional_headers parameter to set the message’s From address. This parameter is also used to specify other headers, including Cc and Bcc, by separating each required header with a newline character. Hence, an attacker can cause the message to be sent to arbitrary recipients by injecting one of these headers into the From fi eld, as illustrated in Figure 10-7.

This causes the mail() command to generate the following message: 

To: admin@wahh-app.com 

From: marcus@wahh-mail.com 

Bcc: all@wahh-othercompany.com 

Subject: Site problem 

Confirm Order page doesn’t load

Thanks...