IMAP / SMTP Injection

This threat affects all the applications that communicate with mail servers (IMAP/SMTP), generally web mail applications. In IMAP/SMTP injection testing, testers check if it possible to inject arbitrary IMAP/SMTP commands into the mail servers, due to input data not properly sanitized. An IMAP/SMTP Injection attack breaks the following pattern:

Input -> IMAP/SMTP command == IMAP/SMTP Injection