email-header-injection

Community

Detect SMTP header injection in web forms.

Author: xalgord
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Email header injection occurs when user input is included in email headers (To, From, Subject, Cc, Bcc) without sanitization. Attackers inject CRLF characters to add headers, enabling spam relay, Bcc-based data exfiltration, and email spoofing.

Core Features & Use Cases

  • Payload-based testing of header manipulation in common vectors including contact forms and registration flows.
  • Demonstrations of Bcc and Cc header insertion to verify real-world impact and assist remediation.
  • Guidance for developers on input sanitization, header validation, and safe mail library usage.

Quick Start

Test your target web forms for SMTP header injection by submitting crafted payloads to identify header manipulation vulnerabilities.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: email-header-injection
Download link: https://github.com/xalgord/xalgorix/archive/main.zip#email-header-injection

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
