0x11 - Email Field Payload Injection
Did you know that email address fields can also be vulnerable to:
• Cross-Site Scripting (XSS)
• Template Injection (SSTI)
• Server-Side Request Forgery (SSRF)
• Parameter Pollution
• Header Injection
99% of modern web applications contain an email field among their features, whether in registration, login, contact forms or user details.
However, most of the time this attack path is overlooked because of the assumption that an email address cannot contain certain characters, which is not really true according to the RFC.
If you want to know more, I highly recommend the RTFR (Read the bleeping RFC) talk on YouTube about email injection -> https://www.youtube.com/watch?app=desktop&v=4ZsTKvfP1g0
How to do it
• Find an email field in the target app. Personally, I recommend your own profile's email, especially if it is reflected in the UI.
• Update the value using the Email Injection payloads in the file attached.
• Review the result after each update.
• Note that running Intruder might not be optimal, because it might overwrite previous values.
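The RFC point above, seen from the defending side: the following is an added example (not code from this post or from the RTFR talk) that pairs a strict allowlist validator, which rejects RFC-valid but rarely needed forms such as quoted local parts, with HTML output encoding at the point where a profile email is reflected in the UI. The regexes, the length limits and the sample addresses are assumptions and constructed inputs, not values from any real application.

```python
import html
import re

# Conservative allowlist for the local part: letters, digits and a few
# common punctuation characters. This deliberately rejects RFC-valid forms
# such as quoted local parts ("john doe"@example.com); that is a product
# decision, since the RFC permits far more than most applications need.
_LOCAL_RE = re.compile(r"^[A-Za-z0-9._%+\-]{1,64}$")
# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def is_acceptable_email(addr: str) -> bool:
    """Allowlist check for addresses this app is willing to store.

    The naive test "contains an '@'" accepts quoted local parts and every
    character the RFC allows; this check accepts only a safe subset.
    """
    if len(addr) > 254 or addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    if not _LOCAL_RE.match(local):
        return False
    labels = domain.split(".")
    return len(labels) >= 2 and all(_LABEL_RE.match(lbl) for lbl in labels)


def render_profile_email(addr: str) -> str:
    """Output-encode for an HTML context, independent of what validation did.

    Even if a looser validator or a bulk import from another system let an
    RFC-valid address containing '<', '"' or '{' through, escaping at the
    point of output keeps it from being interpreted as markup.
    """
    return f'<span class="email">{html.escape(addr, quote=True)}</span>'


# Constructed sample inputs with the verdict the policy should give.
SAMPLES = {
    "alice@example.com": True,
    "bob+tag@mail.example.org": True,
    '"john doe"@example.com': False,  # RFC-valid quoted local part, rejected by policy
    '"a<b"@example.com': False,       # RFC-valid, but angle brackets are not allowlisted
    "carol@example": False,           # domain has a single label
    "dave@@example.com": False,       # more than one '@'
}


def check_samples() -> dict:
    """Run the validator over every constructed sample."""
    return {addr: is_acceptable_email(addr) for addr in SAMPLES}
```

The two functions are independent on purpose: validation limits what gets stored, while encoding protects the reflection point even for data that bypassed validation.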
Credit to Inti De Ceukelaire and Intigriti for their amazing research