+++
title = 'BugBounty l0l: Email Subscriptions'
date = 2024-12-18
image = 'https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Ffluentcrm.com%2Fwp-content%2Fuploads%2F2022%2F08%2FScreenshot_18-2.jpg&f=1&nofb=1&ipt=858152baa98a508508a431682741b98b40e1ccecde013176cd08d3072cfea690&ipo=images'
+++

## Spam

![](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Ffluentcrm.com%2Fwp-content%2Fuploads%2F2022%2F08%2FScreenshot_18-2.jpg&f=1&nofb=1&ipt=858152baa98a508508a431682741b98b40e1ccecde013176cd08d3072cfea690&ipo=images)

The most common vuln in email subscriptions that I've seen is spamming:

If you find an email subscription form, try to spam yourself by subscribing multiple times:

```text
email@example.com (your original mailbox)
email+random1@example.com (messages will be sent to 'email@example.com')
email+random2@example.com
...
```

Why wouldn't a company want this? The issue can be used to push all of the company's emails into the spam folder by default: innocent users get spammed and report the messages as spam.

### No CSRF protection and no CAPTCHA

If you can subscribe by replaying a copied cURL command and rate limiting is weak, then you may be able to get a bounty for it, depending on the bug bounty program's rules.

To do that, select the request in DevTools/Burp and copy it as a cURL command. Edit the email and send the request.

## HTML Injection

If you can inject HTML into additional email subscription fields such as the name (those fields often have a character limit), then you can create a legitimate-looking spam/scam/phishing email, like:
```html
<!-- Base payload -->
<h1><a href=https://blog.ca.sual.in>YOU WIN LOTTERY
<!-- Use bit.ly to make the link shorter -->
<h1><a href=https://bit.ly/random>YOU WIN LOTTERY
<!-- In some browsers/email clients you may not need the https:// scheme -->
<h1><a href=blog.ca.sual.in>YOU WIN LOTTERY
<!-- You can close the </a></h1> tags so the markup is more valid -->
```

Needless to say, if you are not character-limited, you can rewrite the email to your liking.
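
Seen from the defending side, both issues in this post come down to how the submitted fields are handled: throttle sign-ups per underlying mailbox rather than per literal address, and escape the name before it goes into the HTML body. The following is an added example, not code from the original post; the names `canonical_mailbox`, `SignupThrottle` and `render_welcome`, the limits, and the assumption that the mail provider treats `+tag` as sub-addressing are illustrative.

```python
import html
import time
from collections import defaultdict, deque


def canonical_mailbox(address: str) -> str:
    """Collapse 'user+tag@domain' to 'user@domain' for throttling purposes.

    Assumption: the receiving provider treats '+tag' as sub-addressing, as the
    post describes. Use the result only as a rate-limit key; mail still goes
    to the address the user actually typed.
    """
    local, sep, domain = address.strip().rpartition("@")
    base = local.split("+", 1)[0]
    if not sep or not base or not domain:
        raise ValueError("not an email address")
    return f"{base.lower()}@{domain.lower()}"


class SignupThrottle:
    """Allow at most `limit` subscription mails per mailbox per `window` seconds."""

    def __init__(self, limit: int = 1, window: float = 3600.0):
        self.limit, self.window = limit, window
        self._sent = defaultdict(deque)  # canonical mailbox -> send timestamps

    def allow(self, address: str, now=None) -> bool:
        now = time.time() if now is None else now
        stamps = self._sent[canonical_mailbox(address)]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()  # forget sends that fell out of the window
        if len(stamps) >= self.limit:
            return False
        stamps.append(now)
        return True


def render_welcome(name: str, max_len: int = 64) -> str:
    """Build the HTML body with the user-supplied name escaped, never trusted."""
    safe = html.escape(name[:max_len], quote=True)
    return f"<p>Hi {safe}, thanks for subscribing!</p>"


if __name__ == "__main__":
    throttle = SignupThrottle(limit=1, window=3600)
    # Constructed sample input mirroring the addresses and payload shape above.
    for addr in ("email@example.com", "email+random1@example.com"):
        print(addr, "->", "send" if throttle.allow(addr, now=0.0) else "drop")
    print(render_welcome("<h1><a href=https://example.test>YOU WIN"))
```
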

---

Other email hacks:
https://book.hacktricks.xyz/pentesting-web/email-injections