HackTricks
Search…
Pentesting
Powered By GitBook
Email Header Injection

Inject Cc and Bcc after sender argument

The message will be sent to the recipient and recipient1 accounts.

Inject argument

The message will be sent to the original recipient and the attacker account.

Inject Subject argument

1
From:[email protected]%0ASubject:This is%20Fake%20Subject
Copied!
The fake subject will be added to the original subject and in some cases will replace it. It depends on the mail service behavior.

Change the body of the message

Inject a two-line feed, then write your message to change the body of the message.
1
From:[email protected]%0A%0AMy%20New%20%0Fake%20Message.
Copied!
Last modified 5mo ago