The Web Application Security Consortium is proud to present ‘MX Injection: Capturing and Exploiting Hidden Mail Servers’. This article discusses how an attacker can inject additional commands into an online web mail application communicating with an IMAP/SMTP server.
You can download it from the following link: https://packetstormsecurity.com/files/download/52954/121106.pdf
Source: https://packetstormsecurity.com/files/52954/121106.pdf.html