Web application security - the fast guide 1.1 | Page 145

Chapter 7 - Attack execution (3)

Attack process: the original form listing is as follows:

To: [email protected]
From: [email protected]
Subject: Site problem

Confirm Order page doesn’t load

The attacker simply appends a Bcc header to the user email address field, and the same message will be sent to the addresses set there. %0a is the URL-encoded line feed, so whatever follows it starts a new header line:

%0aBcc:[email protected]

The attacker can also add the spam message contents, so the full SMTP request will be as follows:

To: [email protected]
From: [email protected]%0aBcc:[email protected]
Subject: SPAAAAAM SUBBJECT

Hello dear receiver this is the spam message contents.
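The following is an added example, not code from the guide: it shows the vulnerable pattern behind the listing above (decoded form input concatenated into headers) next to a hardened builder that rejects line breaks in header fields. All addresses, function names and the explicit unquote() step that stands in for the web framework's decoding are assumptions made for the illustration.

```python
from email.message import EmailMessage
from email.parser import Parser
from urllib.parse import unquote

SUPPORT_ADDR = "support@example.com"  # constructed placeholder recipient

# Constructed form value mirroring the page's example (placeholder addresses).
INJECTED_FROM = "user@example.org%0aBcc:list@example.net"


def build_naive(from_field, subject, body):
    """Vulnerable pattern: decoded input is pasted straight into the headers."""
    return (f"To: {SUPPORT_ADDR}\n"
            f"From: {unquote(from_field)}\n"
            f"Subject: {unquote(subject)}\n\n{body}")


def header_names(raw_message):
    """Header names a mail library sees when it parses the raw message."""
    return Parser().parsestr(raw_message).keys()


def build_safe(from_field, subject, body):
    """Hardened pattern: refuse CR/LF in any value destined for a header."""
    values = {"From": unquote(from_field), "Subject": unquote(subject)}
    for name, value in values.items():
        if "\r" in value or "\n" in value:
            raise ValueError(f"line break in {name} field")
    msg = EmailMessage()
    msg["To"] = SUPPORT_ADDR
    for name, value in values.items():
        msg[name] = value  # structured API, no string concatenation
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    raw = build_naive(INJECTED_FROM, "Site problem", "Confirm Order page doesn't load")
    print("naive headers:", header_names(raw))  # includes the injected Bcc
    try:
        build_safe(INJECTED_FROM, "Site problem", "Confirm Order page doesn't load")
    except ValueError as err:
        print("safe builder rejected input:", err)
```

The check runs after decoding, which is where it has to sit: validating the still-encoded string would let %0a through.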