Now that I finally got rid of WP-Forum, I can show you guys an Email Injection flaw that existed in that forum. An Email Injection flaw occur when a form is added to a web page that submits data to an email application, and user input is not filtered properly. A malicious user can exploit the MIME format to append additional information to the message being sent. This is possible because the MIME format uses a carriage return to delimit the information in a message. Adding carriage returns to submitted form data can allow an email application to be used to send thousands of messages at once. A spammer could exploit this to send large numbers of messages anonymously. Full Scale Video Here
You must be logged in to leave a comment.