SMTP Injection via recipient email addresses
SMTP Injection is an attack technique that injects attacker-controlled SMTP commands into the data an application (typically a web application) transmits to an SMTP server, usually for spamming purposes.
This paper describes a newly discovered attack technique that uses crafted recipient email addresses, explains its mechanism, gives examples of vulnerabilities in email libraries for Java, Ruby, PHP and other platforms, and discusses other attack techniques and countermeasures.
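The following is an added illustration of the mechanism described above; it is not code from the paper or from any of the libraries it examines. It models a mailer that writes the SMTP envelope without checking the recipient, shows the extra RCPT TO command the server reads when the address carries CRLF inside a quoted local part, and adds the guard a library should apply first. All addresses are constructed examples.

```javascript
// Added illustration, not code from the paper: how a recipient address that
// smuggles CRLF turns into extra SMTP commands when a mailer writes the
// envelope without checking the address, and a guard that rejects such
// addresses. All addresses below are constructed examples.

const CRLF = '\r\n';

// Naive envelope writer, standing in for a library that trusts the address
// handed to it. SMTP commands are terminated by CRLF (RFC 5321), so a CRLF
// inside the address ends the RCPT TO command early and whatever follows is
// read by the server as the next command.
function buildEnvelopeNaive(sender, recipient) {
  return ['MAIL FROM:<' + sender + '>', 'RCPT TO:<' + recipient + '>', 'DATA']
    .join(CRLF) + CRLF;
}

// Split the byte stream the way the server reads it: one command per CRLF.
function commandsSeenByServer(stream) {
  return stream.split(CRLF).filter((line) => line.length > 0);
}

// Returns the recipient paths the server would accept from this envelope.
function rcptTargets(stream) {
  return commandsSeenByServer(stream)
    .filter((cmd) => cmd.startsWith('RCPT TO:<'))
    .map((cmd) => cmd.slice('RCPT TO:<'.length).split('>')[0]);
}

// Guard applied before an address reaches the envelope. It rejects control
// characters (CR, LF, NUL, ...), space, 8-bit bytes and angle brackets, all of
// which a quoted local part ("...") could otherwise carry through a
// syntax-only address validator, and requires exactly one '@'.
function isSafeSmtpAddress(addr) {
  if (typeof addr !== 'string' || addr.length === 0 || addr.length > 254) return false;
  if (/[^\x21-\x7e]/.test(addr)) return false; // control chars, space, non-ASCII
  if (/[<>]/.test(addr)) return false;         // would open/close the angle-bracket path
  return addr.split('@').length === 2;
}

// Hardened writer: validate both envelope addresses, then build as before.
function buildEnvelopeSafe(sender, recipient) {
  for (const addr of [sender, recipient]) {
    if (!isSafeSmtpAddress(addr)) {
      throw new Error('unsafe SMTP address: ' + JSON.stringify(addr));
    }
  }
  return buildEnvelopeNaive(sender, recipient);
}

// Constructed attacker-controlled recipient: a quoted local part carrying
// CRLF followed by an injected RCPT TO for an address of the attacker's choice.
const INJECTED_RECIPIENT = '"alice\r\nRCPT TO:<victim@example.test>"@example.test';

// Stand-alone run: the naive writer delivers to the attacker's victim address,
// the hardened writer refuses the address outright.
const naiveStream = buildEnvelopeNaive('app@example.test', INJECTED_RECIPIENT);
console.log('naive envelope recipients:', rcptTargets(naiveStream));
try {
  buildEnvelopeSafe('app@example.test', INJECTED_RECIPIENT);
} catch (e) {
  console.log('hardened writer:', e.message);
}
```

The guard is deliberately stricter than the address grammar: it refuses quoted local parts containing spaces or brackets even though they are syntactically legal, because those are exactly the forms that let a validator accept an address while the transport reinterprets it. Rejecting at the boundary, rather than trying to escape inside the envelope, is the safe choice since SMTP has no quoting mechanism for CRLF.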
A few RPO exploitation techniques
RPO (Relative Path Overwrite) is an attack technique publicized by Gareth Heyes in 2014. It uses a crafted URL (typically one that appends PATH_INFO) to force the target Web page to load itself as a stylesheet, which works when the page contains both relative-URL stylesheet references and attacker-controllable content.
This paper describes: path manipulation techniques specific to certain client/server environments, a technique to forcibly enable IE's CSS expressions via Compatibility View (CV), the possibility of attacks through relative URLs other than stylesheets, a related vulnerability discovered in the CakePHP framework, and countermeasures.
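As an added illustration of the precondition RPO relies on (this is not code from the paper), the block below resolves a relative stylesheet reference the way a browser does, once for the page's normal URL and once for a URL with extra PATH_INFO appended, and checks whether the resolved URL lands back on the same server-side handler. The handler path, hostnames and link forms are constructed assumptions.

```javascript
// Added illustration, not code from the paper: how a relative stylesheet
// reference resolves once the page is requested through a crafted PATH_INFO,
// which is the condition RPO relies on. Uses the WHATWG URL API (Node and
// browsers). The handler path and hostnames are constructed examples.

// Hypothetical application: the script mounted at /app/profile also answers
// any request below it, e.g. /app/profile/x/ (the extra segment is PATH_INFO).
const HANDLER_PREFIX = '/app/profile';

// Resolve a relative href exactly as the browser does for a document whose
// address is documentUrl.
function resolveRelative(documentUrl, href) {
  return new URL(href, documentUrl).href;
}

// True when the resolved stylesheet URL is routed back to the same handler,
// i.e. the page would be fetched again and interpreted as CSS.
function loadsSelfAsStylesheet(documentUrl, href) {
  const u = new URL(href, documentUrl);
  return u.pathname === HANDLER_PREFIX || u.pathname.startsWith(HANDLER_PREFIX + '/');
}

// Compare one link form under a normal request and under a crafted one.
function rpoExposure(href) {
  const normal = 'https://example.test' + HANDLER_PREFIX;
  const crafted = 'https://example.test' + HANDLER_PREFIX + '/x/';
  return {
    normal: { resolved: resolveRelative(normal, href), self: loadsSelfAsStylesheet(normal, href) },
    crafted: { resolved: resolveRelative(crafted, href), self: loadsSelfAsStylesheet(crafted, href) },
  };
}

// Stand-alone run: a relative link is only hijacked under the crafted URL,
// a root-relative link resolves to the same place either way.
for (const href of ['style.css', '/static/style.css']) {
  console.log(href, JSON.stringify(rpoExposure(href)));
}
```

The first link form resolves to /app/profile/x/style.css under the crafted URL and is served by the page handler itself, which is what lets the browser parse the page's attacker-controlled text as CSS; the root-relative form is unaffected. In an audit, running this check over every relative URL in a page (scripts and images included, not only stylesheets) is a quick way to list the references the paper's "non-stylesheet relative URL" discussion is concerned with.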
Identifier based XSSI attacks
This paper describes new attack techniques and browser vulnerabilities that allow an attacker to steal cross-origin text such as CSV data, and more complex data under certain circumstances.
Attacking Android browsers via intent scheme URLs
Most major browsers for Android support intent scheme URLs. In general, intent scheme URLs carry security risk because they give a malicious Web page a chance to mount intent-based attacks against installed apps. Browsers therefore take measures to reduce the risk, but those measures are not necessarily sufficient.
This paper explains what an intent scheme URL is, presents three examples of Android browser vulnerabilities related to intent scheme URLs (including cookie file theft and universal XSS), and describes the countermeasure.
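The block below is an added illustration, not code from the paper or from any browser: a simplified parser for the intent scheme URL format (intent://host/path#Intent;key=value;...;end, with parameters after SEL; belonging to a selector) and the sanitization a browser can apply before handing the intent to the system, namely forcing the BROWSABLE category and dropping any explicit component and any selector. The package and component names are constructed examples, and real Intent URIs carry more fields than are modelled here.

```javascript
// Added illustration, not code from the paper: a simplified parser for
// intent scheme URLs and a browser-side sanitization step (force the
// BROWSABLE category, drop any explicit component, drop any selector).
// Modelled on the Android Intent URI format; the package and component
// names are constructed examples and the field set is incomplete.

const BROWSABLE = 'android.intent.category.BROWSABLE';

function emptyIntent() {
  return { action: null, categories: [], component: null, pkg: null, scheme: null, extras: {} };
}

// intent://<data>#Intent;<param>;<param>;...;end
function parseIntentUrl(url) {
  const m = /^intent:\/\/([^#]*)#Intent;(.*);end$/.exec(url);
  if (!m) throw new Error('not an intent scheme URL: ' + url);
  const intent = Object.assign(emptyIntent(), { data: m[1], selector: null });
  let target = intent;
  for (const token of m[2].split(';')) {
    if (token === 'SEL') {                 // parameters after SEL; describe the selector
      intent.selector = emptyIntent();
      target = intent.selector;
      continue;
    }
    const eq = token.indexOf('=');
    if (eq < 0) continue;
    const key = token.slice(0, eq);
    const value = decodeURIComponent(token.slice(eq + 1));
    switch (key) {
      case 'action': target.action = value; break;
      case 'category': target.categories.push(value); break;
      case 'component': target.component = value; break;
      case 'package': target.pkg = value; break;
      case 'scheme': target.scheme = value; break;
      default: target.extras[key] = value;  // e.g. S.name=... string extras
    }
  }
  return intent;
}

// Sanitization applied before dispatch. With BROWSABLE forced, only
// activities that opted in to being launched from a browser can match; with
// the component removed, a page cannot name an internal activity directly;
// and the selector is dropped because it could otherwise carry a component
// (or its own category set) that bypasses the first two rules.
function sanitizeIntent(intent) {
  const out = Object.assign({}, intent, {
    categories: intent.categories.slice(),
    extras: Object.assign({}, intent.extras),
  });
  out.component = null;
  out.selector = null;
  if (!out.categories.includes(BROWSABLE)) out.categories.push(BROWSABLE);
  return out;
}

// Stand-alone run on a constructed URL that names an internal activity and
// smuggles a second component through a selector.
const SAMPLE_URL = 'intent://example.test/path#Intent;scheme=https;package=com.example.app;'
  + 'component=com.example.app/.InternalActivity;S.payload=hello;'
  + 'SEL;component=com.example.app/.OtherInternalActivity;end';
console.log(JSON.stringify(sanitizeIntent(parseIntentUrl(SAMPLE_URL)), null, 2));
```

Whether a given browser performs each of these three steps is exactly the kind of gap the paper's examples turn on; the parser is also a convenient way to enumerate, for a batch of intent: URLs collected from the wild, which ones specify a component, a selector or a non-BROWSABLE category set.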
FilterExpression Injection attacks against ASP.NET applications
FilterExpression is a SQL-like filter language built into the ASP.NET framework. As with SQL, injection attacks are possible if an application uses FilterExpression improperly, which can lead to data leakage in some situations. This paper presents "FilterExpression Injection" together with its mechanism, impact, detection method and countermeasure.
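As an added illustration of the mechanism and of a detection check (not code from the paper, and not ASP.NET code), the block below builds a filter expression from user input the naive way and with the string literal escaped, then strips the literals out to show what reaches the expression parser as syntax. The string construction is written in JavaScript as a model of the server-side code; the column name and the payload are constructed examples.

```javascript
// Added illustration, not code from the paper: building a FilterExpression
// (the DataView.RowFilter / DataColumn.Expression syntax) from user input,
// naively and with the string literal escaped. Shown in JavaScript as a model
// of the server-side string building; the column name and the payload are
// constructed examples.

// Vulnerable form: the value is pasted straight into the expression.
function filterNaive(owner) {
  return "Owner = '" + owner + "'";
}

// In this expression language a single quote inside a string literal is
// written as two single quotes, so doubling every quote keeps the whole
// value inside one literal.
function filterLiteral(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Hardened form: the value can only ever be a string literal.
function filterSafe(owner) {
  return 'Owner = ' + filterLiteral(owner);
}

// Replace each string literal (honouring '' as an escaped quote) with '?',
// leaving the text the expression parser treats as operators and operands.
// Anything from user input that survives here is injected syntax.
function outsideLiterals(expr) {
  let out = '';
  let i = 0;
  while (i < expr.length) {
    if (expr[i] !== "'") { out += expr[i]; i += 1; continue; }
    i += 1;                                           // enter the literal
    while (i < expr.length) {
      if (expr[i] !== "'") { i += 1; continue; }
      if (expr[i + 1] === "'") { i += 2; continue; }  // escaped quote
      i += 1;                                         // closing quote
      break;
    }
    out += '?';
  }
  return out;
}

// Detection probe: true when a value changes the operator structure of the
// expression compared with a harmless value, i.e. when the builder does not
// confine it to a literal. Usable as a unit test against any builder.
function injectsSyntax(builder, value) {
  return outsideLiterals(builder(value)) !== outsideLiterals(builder('x'));
}

// Constructed payload: closes the literal, adds an always-true clause, and
// reopens a literal so the template's trailing quote still balances.
const PAYLOAD = "' OR 1=1 OR Owner='";

// Stand-alone run: the naive builder lets the OR clause reach the parser,
// the hardened builder keeps the whole payload inside one literal.
console.log(filterNaive(PAYLOAD), '=>', outsideLiterals(filterNaive(PAYLOAD)));
console.log(filterSafe(PAYLOAD), '=>', outsideLiterals(filterSafe(PAYLOAD)));
```

The escaping shown covers only string literals: a value placed in a LIKE pattern additionally needs its wildcard characters handled, and a user-supplied column name cannot be made safe by quoting at all and has to be checked against an allow-list instead.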