Webhacking.kr write-up: old-47
|old-47||150||Email Header Injection|
Greeting and good day, welcome to another webhacking.kr CTF style challenge. Today’s challenge is about email header injection.
Look like we have to send the subject header, let’s do it.
The flag seems to be redacted. Alright, time for the email header injection. Firstly, we have to change the input html tag to textarea tag. Because we need CRLR injection to be able to work with the email injection.
Input a subject follow by Cc as your email
<subject> Cc: <your email>
After a jiff, you should receive the flag in your mail inbox. Also, the email response will display your cc status.
tags: webhacking.kr - email_injection
Thanks for reading. Follow my twitter for latest update
If you like this post, consider a small donation. Much appreciated. :)