[issue32606] Email Header Injection Protection Bypass
Dalton Campbell
report at bugs.python.org
Sun Jan 21 00:40:52 EST 2018
New submission from Dalton Campbell <drcampbell13 at gmail.com>:
The protection's implemented in https://github.com/python/cpython/blob/master/Lib/email/header.py to prevent Email Header injection can be bypassed by specifying an injected additional header in the following format:
example at python.org\ncc :injected at python.org
The white space bypasses the current regex protection (_embedded_header = re.compile(r'\n[^ \t]+:')) and is still accepted by the smtp server.
Attached is a proof of concept script
----------
components: Library (Lib)
files: PythonEmailHeaderInjectionPOC.py
messages: 310367
nosy: r.david.murray, thedoctorsoup
priority: normal
severity: normal
status: open
title: Email Header Injection Protection Bypass
type: security
Added file: https://bugs.python.org/file47396/PythonEmailHeaderInjectionPOC.py
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32606>
_______________________________________
More information about the Python-bugs-list
mailing list