Summary

  • A cyber security expert known as iski has detailed how they were able to exploit a lack of security measures on a company’s feedback page.
  • They detail how the day started badly with a burnt piece of toast, a cold coffee, and an unwanted trip down memory lane via Spotify.
  • The turning point of the day came when iski discovered an email form endpoint which seemed to have no security functions in place.
  • After discovering the endpoint, iski used a variety of tools to examine the endpoint and discovered that there was no validation of the email message.
  • This meant that iski was able to manipulate the email headers, and iski discusses the wider implications of that.
  • The company has since fixed the bug, and iski was compensated for discovering the vulnerability.
  • You can read the full article here: https://medium.com/@iski/header-injection-to-hero-how-i-hijacked-emails-and-made-the-server-sing-7b8817e3736c?
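As an added illustration (not code from iski's write-up), here is the shape of the bug the summary describes: a feedback handler that concatenates user fields straight into the message lets a line break in a field become a new header, while the hardened version rejects line breaks before handing the fields to the email library. The mailbox addresses and the injected value are constructed for the example.

```python
import re
from email.message import EmailMessage

# A CR or LF inside a user-supplied header value ends that header and lets
# whatever follows be parsed as a further header (e.g. an extra recipient).
_LINE_BREAK = re.compile(r"[\r\n]")


def has_header_injection(value: str) -> bool:
    """True if a user-supplied header value contains a line break."""
    return bool(_LINE_BREAK.search(value))


def build_feedback_email_unsafe(sender: str, subject: str, body: str) -> str:
    """Naive concatenation: user input lands directly in the header block."""
    return (f"From: {sender}\r\nTo: feedback@example.com\r\n"
            f"Subject: {subject}\r\n\r\n{body}")


def build_feedback_email_safe(sender: str, subject: str, body: str) -> EmailMessage:
    """Reject line breaks explicitly, then let EmailMessage set the headers."""
    for name, value in (("sender", sender), ("subject", subject)):
        if has_header_injection(value):
            raise ValueError(f"line break in {name} field rejected")
    msg = EmailMessage()          # default policy also refuses multi-line values
    msg["From"] = sender
    msg["To"] = "feedback@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def safe_builder_rejects(sender: str, subject: str, body: str) -> bool:
    """Convenience check: does the hardened builder refuse this input?"""
    try:
        build_feedback_email_safe(sender, subject, body)
    except ValueError:
        return True
    return False


def count_recipient_headers(raw: str) -> int:
    """Count To/Cc/Bcc headers in a raw message; a clean feedback mail has one."""
    header_block = raw.split("\r\n\r\n", 1)[0]
    return sum(1 for line in header_block.split("\r\n")
               if line.split(":", 1)[0].lower() in ("to", "cc", "bcc"))
```

Counting recipient headers on the rendered message is also a cheap server-side sanity check to log or alert on before anything is handed to the mail transport.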

By Iski