Planet DesKel

DesKel's official page for CTF write-up, Electronic tutorial, review and etc.

Arduino
Backdoor Challenge Land CTFLearn CyberEDU Webhacking.kr TryHackMe, THM Short CTF
Hacking Tools
Donate
13 September 2020

Webhacking.kr write-up: old-47

Link point tag
old-47 150 Email Header Injection

Greeting and good day, welcome to another webhacking.kr CTF style challenge. Today’s challenge is about email header injection.

question

Look like we have to send the subject header, let’s do it.

send

The flag seems to be redacted. Alright, time for the email header injection. Firstly, we have to change the input html tag to textarea tag. Because we need CRLR injection to be able to work with the email injection.

injection

Input a subject follow by Cc as your email

<subject>
Cc: <your email>

After a jiff, you should receive the flag in your mail inbox. Also, the email response will display your cc status.

response

solve

tags: webhacking.kr - email_injection

Thanks for reading. Follow my twitter for latest update

If you like this post, consider a small donation. Much appreciated. :)

Vortex

© 2020 DesKel