+++
title = 'BugBounty 101: Email Subscriptions'
date = 2024-12-18
+++

The most common vuln in email subscriptions that I've seen is spamming:

If you find an email subscription form, try to spam yourself by subscribing multiple times:

```sh
email@example.com (your original mailbox)
email+random1@example.com (messages will be sent to 'email@example.com')
email+random2@example.com
...
```

Why doesn't a company want this? This vuln can be used to spam innocent users, who will report the messages as spam, which can make all of the company's emails land in the spam folder by default.
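
On the fix side, a subscription endpoint can key its duplicate check and rate limit on the mailbox that actually receives the mail rather than on the string the user typed. The sketch below is an added example, not code from any particular product; `canonical_mailbox`, `SubscriptionGate`, the limit values and the double opt-in flow are assumptions, and it treats everything after `+` as a tag, which depends on the mail provider.

```python
import time

MAX_CONFIRMATION_MAILS = 2      # assumed policy: mails per mailbox per window
WINDOW_SECONDS = 24 * 3600      # assumed window: one day


def canonical_mailbox(address: str) -> str:
    """Collapse plus-tagged aliases onto the mailbox that receives the mail."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    base = local.split("+", 1)[0]   # assumption: the provider ignores "+tag"
    if not base:
        raise ValueError(f"empty local part: {address!r}")
    return f"{base.lower()}@{domain.lower()}"


class SubscriptionGate:
    """Decides whether a sign-up request may trigger a confirmation mail."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._confirmed = set()     # canonical mailboxes that opted in
        self._sent = {}             # canonical mailbox -> send timestamps

    def request(self, address: str) -> str:
        """Return 'send_confirmation', 'throttled' or 'already_subscribed'."""
        key = canonical_mailbox(address)   # used as key only, not for delivery
        if key in self._confirmed:
            return "already_subscribed"
        now = self._clock()
        recent = [t for t in self._sent.get(key, []) if now - t < WINDOW_SECONDS]
        self._sent[key] = recent
        if len(recent) >= MAX_CONFIRMATION_MAILS:
            return "throttled"
        recent.append(now)
        return "send_confirmation"

    def confirm(self, address: str) -> None:
        self._confirmed.add(canonical_mailbox(address))


if __name__ == "__main__":
    gate = SubscriptionGate()
    # Constructed sample input mirroring the aliases listed above.
    for addr in ("email@example.com", "email+random1@example.com",
                 "email+random2@example.com"):
        print(addr, "->", gate.request(addr))
```

Mail is still delivered to the address exactly as typed; the canonical form is only the key for counting and deduplication.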

Other email hacks:
https://book.hacktricks.xyz/pentesting-web/email-injections