new posts

content/hacking/BugBounty_101_email_subscription.md

@@ -0,0 +1,21 @@
++++
+title = 'BugBounty 101: Email Subscriptions'
+date = 2024-12-18
++++
+
+The most common vuln in email subscription that I've seen is spamming:
+
+If you found any email subscription form, try to spam yourself by subscribing multiple times:
+
+```sh
+email@example.com (your original mail box)
+email+random1@example.com (messages will be sent to 'email@example.com')
+email+random2@example.com
+...
+```
+
+Why company don't want it? It's possible to use this vuln to make all their emails appear in spam folder by-default by spamming innocent users which will report it as spam. 
+
+Other email hacks:  
+https://book.hacktricks.xyz/pentesting-web/email-injections
+

content/hacking/HowTo_crawl_website.md

@@ -6,7 +6,7 @@ image = 'https://cdn.dribbble.com/users/722835/screenshots/6516126/spider800.gif
 
 ![](https://cdn.dribbble.com/users/722835/screenshots/6516126/spider800.gif)
 
-Crawler (or spider) - gets you all links that site have and reference to. It isn't [dirbusting](/hidden/todo), you can't get hidden directories with crawler.  
+Crawler (or spider) - gets you all links that site have and reference to. It isn't [dirbusting](/hacking/howto_dirb), you can't get hidden directories with crawler.  
 
 With crawler you can more easily find hard to find website functions or interesting links (like URL parameters `example.com/get?promo=code`).