CVE-2002-1630

HIGH 7.5 / 10.0
Published: December 31, 2002 at 05:00 AM
Modified: April 3, 2025 at 01:03 AM
Source: cve@mitre.org

Vulnerability Description

The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.

CVSS Metrics

Base Score: 7.5
Severity: HIGH
Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. The flaw can be leveraged for phishing attacks, spam campaigns, and potentially credential harvesting, leading to reputational damage and data breaches.

02 // Vulnerability Mechanism

Step 1: Access the Vulnerable Page: The attacker accesses the sendmail.jsp page, typically located under a default installation directory of Oracle 9iAS.

Step 2: Craft the Malicious Payload: The attacker constructs a malicious email, including the desired sender, recipient, subject, and body. This crafted email may contain phishing links, malicious attachments, or other harmful content.

Step 3: Submit the Payload: The attacker submits the crafted email parameters through the sendmail.jsp page's input fields. The attacker might also inject malicious headers to bypass security measures.

Step 4: Email Delivery: The sendmail.jsp page, without proper sanitization, passes the attacker-controlled input directly to the underlying sendmail or mail command.

Step 5: Arbitrary Email Sending: The sendmail command executes, sending the attacker's crafted email to the specified recipient(s).

Step 6: Potential for Further Exploitation: Depending on the email content, the attacker may attempt to phish credentials, spread malware, or conduct other malicious activities.

03 // Deep Technical Analysis

The vulnerability stems from the sendmail.jsp page's lack of input validation and sanitization of user-supplied data, specifically the email parameters (e.g., recipient, sender, subject, body). The page likely calls a system command (e.g., sendmail or mail) directly to send the email, incorporating the user-provided input without sufficient filtering. This allows attackers to inject malicious content, including crafted email headers and bodies, to achieve their objectives. Under that reading, the root cause is a failure to implement input validation and output encoding, leading to command injection.
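The checks that a mail-sending form handler of this kind lacks, as an added example (not Oracle's code and not code from this page). The class name, FIXED_SENDER, ALLOWED_DOMAINS and the length limits are hypothetical policy choices.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: server-side checks for a mail form such as sendmail.jsp. */
public class MailFormGuard {
    // Assumption: site policy fixes the sender and limits recipient domains.
    static final String FIXED_SENDER = "webform@example.com";
    static final Set<String> ALLOWED_DOMAINS = Set.of("example.com");

    // Exactly one address: no whitespace, commas, angle brackets or control characters.
    static final Pattern ADDRESS =
        Pattern.compile("^[A-Za-z0-9._%+-]{1,64}@([A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)+)$");

    /** Returns null when the request is acceptable, otherwise the reason for rejecting it. */
    static String reject(String to, String from, String subject, String body) {
        if (to == null || subject == null || body == null) return "missing field";
        // The sender is set by the server; a client-supplied value is never trusted.
        if (from != null && !from.equals(FIXED_SENDER)) return "sender is not client-settable";
        Matcher m = ADDRESS.matcher(to);
        if (!m.matches()) return "recipient is not a single plain address";
        if (!ALLOWED_DOMAINS.contains(m.group(1).toLowerCase())) return "recipient domain not allowed";
        // CR or LF in a header value would let the caller append headers of their own.
        if (subject.chars().anyMatch(c -> c < 0x20 || c == 0x7f)) return "control character in subject";
        if (subject.length() > 200 || body.length() > 10_000) return "field too long";
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample requests: {to, from, subject, body}
        String[][] samples = {
            {"helpdesk@example.com", null, "Printer on floor 3", "It is out of toner."},
            {"someone@other.test", null, "Hello", "text"},
            {"helpdesk@example.com", "ceo@example.com", "Hello", "text"},
            {"helpdesk@example.com", null, "Hello\r\nBcc: list@other.test", "text"},
        };
        for (String[] s : samples) {
            String why = reject(s[0], s[1], s[2], s[3]);
            System.out.println(s[0] + " -> " + (why == null ? "accept" : "reject: " + why));
        }
    }
}
```

Only the first constructed request is accepted. A handler that passes these checks should hand the values to a mail API as separate fields rather than build a command line from them.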
