diff --git a/content/hacking/BugBounty_101_email_subscription.md b/content/hacking/BugBounty_101_email_subscription.md new file mode 100644 index 0000000..2a3f1a9 --- /dev/null +++ b/content/hacking/BugBounty_101_email_subscription.md @@ -0,0 +1,21 @@ ++++ +title = 'BugBounty 101: Email Subscriptions' +date = 2024-12-18 ++++ + +The most common vuln in email subscription that I've seen is spamming: + +If you found any email subscription form, try to spam yourself by subscribing multiple times: + +```sh +email@example.com (your original mail box) +email+random1@example.com (messages will be sent to 'email@example.com') +email+random2@example.com +... +``` + +Why company don't want it? It's possible to use this vuln to make all their emails appear in spam folder by-default by spamming innocent users which will report it as spam. + +Other email hacks: +https://book.hacktricks.xyz/pentesting-web/email-injections + diff --git a/content/hacking/HowTo_crawl_website.md b/content/hacking/HowTo_crawl_website.md index 98dd2a7..e185881 100644 --- a/content/hacking/HowTo_crawl_website.md +++ b/content/hacking/HowTo_crawl_website.md @@ -6,7 +6,7 @@ image = 'https://cdn.dribbble.com/users/722835/screenshots/6516126/spider800.gif ![](https://cdn.dribbble.com/users/722835/screenshots/6516126/spider800.gif) -Crawler (or spider) - gets you all links that site have and reference to. It isn't [dirbusting](/hidden/todo), you can't get hidden directories with crawler. +Crawler (or spider) - gets you all links that site have and reference to. It isn't [dirbusting](/hacking/howto_dirb), you can't get hidden directories with crawler. With crawler you can more easily find hard to find website functions or interesting links (like URL parameters `example.com/get?promo=code`).