Planet DesKel

DesKel's official page for CTF write-up, Electronic tutorial, review and etc.

13 September 2020 write-up: old-47

Link point tag
old-47 150 Email Header Injection

Greeting and good day, welcome to another CTF style challenge. Today’s challenge is about email header injection.


Look like we have to send the subject header, let’s do it.


The flag seems to be redacted. Alright, time for the email header injection. Firstly, we have to change the input html tag to textarea tag. Because we need CRLR injection to be able to work with the email injection.


Input a subject follow by Cc as your email

Cc: <your email>

After a jiff, you should receive the flag in your mail inbox. Also, the email response will display your cc status.



tags: - email_injection

Thanks for reading. Follow my twitter for latest update

If you like this post, consider a small donation. Much appreciated. :)


© 2020 DesKel