SMTP Mail Header Injection
May 5, 2021
Let's take a scenario in which you receive an email whenever someone submits a form on a web app. Here is something we can do.
Capture the form-submit request in Burp Suite and, in the Email parameter, add:
"&email=your@email.com%0ACc:victim@email.com"
Check whether both accounts receive the email.
Impact: because the application copies the parameter unchecked into the mail headers, the %0A (newline) ends the To/From header and starts a new one, so an attacker can add custom headers and try to manipulate the victim into giving out information or visiting pages they are not supposed to.
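The fix on the application side is to refuse any address field that contains CR or LF and to accept only a single well-formed address before it goes anywhere near a header. The following is an added example written for this post, not code from the original write-up or from any particular framework; it assumes the web framework has already URL-decoded the parameter (so %0A arrives as a real newline) and uses the hypothetical names validate_address and build_notification.

```python
"""Reject mail header injection before a form value reaches an SMTP header."""
import re
from email.message import EmailMessage

# Deliberately strict shape for ONE mailbox: local part, a single "@", a dotted
# domain. No whitespace, no display names, no angle brackets. This is tighter
# than RFC 5322 on purpose; a contact form has no need for the exotic forms.
_ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


class HeaderInjectionError(ValueError):
    """Raised when a value contains CR/LF or is not a single plain address."""


def validate_address(raw: str) -> str:
    """Return the address if it is safe to place in a header, else raise.

    The CR/LF check comes first and has its own message so the rejection can be
    logged and alerted on as an injection attempt rather than a mere typo.
    """
    if "\r" in raw or "\n" in raw:
        raise HeaderInjectionError("CR/LF in address field (header injection)")
    value = raw.strip()
    if not _ADDRESS_RE.fullmatch(value):
        raise HeaderInjectionError("not a single well-formed address")
    return value


def is_safe(raw: str) -> bool:
    """Convenience predicate for tests and logging."""
    try:
        validate_address(raw)
        return True
    except HeaderInjectionError:
        return False


def build_notification(form_email: str, body: str) -> EmailMessage:
    """Build the notification the app sends on form submit.

    The recipient is validated first, and headers are set through EmailMessage
    (one header per assignment) instead of string concatenation, so the result
    carries exactly the headers this function sets and nothing the user typed.
    """
    to = validate_address(form_email)
    msg = EmailMessage()
    msg["From"] = "noreply@example.com"   # constructed sender, not from the post
    msg["To"] = to
    msg["Subject"] = "Form submission received"
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    # The post's payload after URL decoding: %0A has become "\n".
    injected = "your@email.com\nCc:victim@email.com"
    print("plain address accepted:", is_safe("your@email.com"))
    print("injected value accepted:", is_safe(injected))
    print("To header:", build_notification("your@email.com", "hello")["To"])
```

Running it shows the plain address accepted and the injected value rejected; the only Cc the outgoing message can carry is one the application itself sets. Rejecting rather than stripping the CR/LF is the better choice here, since a stripped value silently turns an attack into a slightly malformed address and leaves nothing to detect.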