E-mail Form Injection - Vulnerability




E-mail injection is not like SQL injection, although on first seeing the name a person tends to think of something interesting like SQL injection. It can be used for spoofing, and it is the easiest task. I won't make this long.
Many sites have a contact form, often called a feedback form. Most of them have a secure feedback form, but some new site builders make mistakes in it. A feedback form that is vulnerable to e-mail injection can be used to send a carbon copy to another person rather than to the site. The form will have a field named *YOUR EMAIL*.
Entering the following string in that field is enough to use their feedback form. The `%0A` sequences are URL-encoded line feeds, so the `Cc:` and `Bcc:` text ends up on header lines of its own:

"sender@somesite.com%0ACc:victim@victimsdomain.com%0ABcc:   victim2@victimsdomain.com"

The injection above causes a carbon copy of your subject to be sent to the address you write in place of *victim@victimsdomain.com*. As you can see, there is also *victim2*, which means the subject of your mail is sent to another person as well; you can add as many people as you want. Going back to the first part of the injection, *sender@somesite.com* can be replaced with an address at any site you want. It could be FACEBOOK, in which case you might change it to *admin@facebook.com*.
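From the site builder's side, the mistake and its fix look like this. The block below is an added example, not code from the original post: it shows a header block built by pasting the form field in directly, next to a version that accepts only a single address on a single line. The recipient `feedback@example.org`, the function names and the strict address pattern are assumptions made for the illustration.

```python
import re

# Constructed input: the article's string after the web server has URL-decoded
# it, so each %0A has become a line feed.
DECODED = ("sender@somesite.com\nCc:victim@victimsdomain.com"
           "\nBcc:   victim2@victimsdomain.com")

# Deliberately strict address shape for a contact form (assumption, not RFC 5322).
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def build_headers_unsafe(sender: str) -> str:
    """Vulnerable pattern: the form field is pasted straight into the headers."""
    return (f"To: feedback@example.org\r\n"   # hypothetical site mailbox
            f"From: {sender}\r\n"
            f"Subject: Feedback\r\n")


def header_names(raw_headers: str) -> list[str]:
    """Header names as a mail transfer agent would see them, line by line."""
    return [ln.split(":", 1)[0] for ln in raw_headers.splitlines() if ":" in ln]


def validate_sender(sender: str) -> str:
    """Reject anything that is not exactly one address on one line."""
    if "\r" in sender or "\n" in sender:
        raise ValueError("line break in e-mail field")
    # fullmatch, not match/$: '$' would still accept a trailing newline.
    if not ADDRESS_RE.fullmatch(sender):
        raise ValueError("not a single e-mail address")
    return sender


def build_headers_safe(sender: str) -> str:
    """Same header block, but only built from a validated sender."""
    return build_headers_unsafe(validate_sender(sender))


if __name__ == "__main__":
    print(header_names(build_headers_unsafe(DECODED)))
    try:
        build_headers_safe(DECODED)
    except ValueError as exc:
        print("rejected:", exc)
    print(header_names(build_headers_safe("sender@somesite.com")))
```

The same check belongs on every form value that reaches a header, the subject and name fields included, since any of them can carry a line break.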