E-mail Form Injection - Vulnerability



email injection

E-mail injection is not like SQL-injection because after giving it's name a look person first think of an interesting thing like SQL-injection and it can be used for spoofing . It is the most easy task.I won't make it long
Many sites have a contact forum which is called feedback forum.Of course most of them have secure feedback forum but some new site builders can make mistake in it . So a vulnerable feedback forum to E-mail injection can be used for a carbon copy to be sent to another person but not to site . You can find a field in a forum with the name of *YOUR EMAIL*.
Just by entering following string you can use their feedback forum

"[email protected]%0ACc:[email protected]%0ABcc:   [email protected]"

The uper injection would make a carbon copy of your subject to be sent to the users id which you will write at the place of *[email protected]* . As you can see that there is also *victim2* which means that the subject of your mail would be sent to another person also you can add as much people as you want . Back to the first statement of the injection there is written *[email protected]* so just replace it with any site you want . It can be FACEBOOK as in this you might change that statement to *[email protected]* .