new posts

This commit is contained in:
casual 2024-12-12 15:48:15 +03:00
parent 1e4c71f2fd
commit 30ae58d906
2 changed files with 22 additions and 1 deletions

View File

@ -0,0 +1,21 @@
+++
title = 'BugBounty 101: Email Subscriptions'
date = 2024-12-18
+++
The most common vuln in email subscription that I've seen is spamming:
If you found any email subscription form, try to spam yourself by subscribing multiple times:
```sh
email@example.com (your original mail box)
email+random1@example.com (messages will be sent to 'email@example.com')
email+random2@example.com
...
```
Why company don't want it? It's possible to use this vuln to make all their emails appear in spam folder by-default by spamming innocent users which will report it as spam.
Other email hacks:
https://book.hacktricks.xyz/pentesting-web/email-injections

View File

@ -6,7 +6,7 @@ image = 'https://cdn.dribbble.com/users/722835/screenshots/6516126/spider800.gif
![](https://cdn.dribbble.com/users/722835/screenshots/6516126/spider800.gif) ![](https://cdn.dribbble.com/users/722835/screenshots/6516126/spider800.gif)
Crawler (or spider) - gets you all links that site have and reference to. It isn't [dirbusting](/hidden/todo), you can't get hidden directories with crawler. Crawler (or spider) - gets you all links that site have and reference to. It isn't [dirbusting](/hacking/howto_dirb), you can't get hidden directories with crawler.
With crawler you can more easily find hard to find website functions or interesting links (like URL parameters `example.com/get?promo=code`). With crawler you can more easily find hard to find website functions or interesting links (like URL parameters `example.com/get?promo=code`).