new posts
parent 1e4c71f2fd
commit 30ae58d906
21
content/hacking/BugBounty_101_email_subscription.md
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
+++
|
||||||
|
title = 'BugBounty 101: Email Subscriptions'
|
||||||
|
date = 2024-12-18
|
||||||
|
+++
|
||||||
|
|
||||||
|
The most common vuln in email subscription that I've seen is spamming:
|
||||||
|
|
||||||
|
If you found any email subscription form, try to spam yourself by subscribing multiple times:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
email@example.com (your original mail box)
|
||||||
|
email+random1@example.com (messages will be sent to 'email@example.com')
|
||||||
|
email+random2@example.com
|
||||||
|
...
|
||||||
|
```
|
||||||
|
|
||||||
|
Why company don't want it? It's possible to use this vuln to make all their emails appear in spam folder by-default by spamming innocent users which will report it as spam.
|
||||||
|
|
||||||
|
Other email hacks:
|
||||||
|
https://book.hacktricks.xyz/pentesting-web/email-injections
|
||||||
|
|
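Review bot: the fenced block in the new post is tagged `sh`, but it holds a list of e-mail addresses with parenthetical notes rather than shell commands; drop the language tag or use `text` so it is not rendered as a script. The note "(messages will be sent to 'email@example.com')" only holds where the mail provider supports plus-addressing, which is worth saying in the post. The post also calls this a vuln without stating what the subscription form fails to do, so a sentence naming the missing control would make the impact paragraph easier to act on. "Why company don't want it?" should read "Why don't companies want this?", and the bare hacktricks URL could be a markdown link like the ones in the other posts.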
@ -6,7 +6,7 @@ image = 'https://cdn.dribbble.com/users/722835/screenshots/6516126/spider800.gif
|
|||||||
|
|
||||||
![](https://cdn.dribbble.com/users/722835/screenshots/6516126/spider800.gif)
|
![](https://cdn.dribbble.com/users/722835/screenshots/6516126/spider800.gif)
|
||||||
|
|
||||||
Crawler (or spider) - gets you all links that site have and reference to. It isn't [dirbusting](/hidden/todo), you can't get hidden directories with crawler.
|
Crawler (or spider) - gets you all links that site have and reference to. It isn't [dirbusting](/hacking/howto_dirb), you can't get hidden directories with crawler.
|
||||||
|
|
||||||
With crawler you can more easily find hard to find website functions or interesting links (like URL parameters `example.com/get?promo=code`).
|
With crawler you can more easily find hard to find website functions or interesting links (like URL parameters `example.com/get?promo=code`).
|
||||||
|
|
||||||
|
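Review bot: the replaced link on the dirbusting line now points at `/hacking/howto_dirb`, but the only file this commit adds is `content/hacking/BugBounty_101_email_subscription.md`; confirm that the `howto_dirb` page already exists in the tree, otherwise the change swaps a placeholder for a dead link. While the line is being edited, "gets you all links that site have and reference to" could be corrected to "gets you all links the site has and references".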