bug-bash
Vulnerability Report(No SPF Record)


From: Syed Maaz
Subject: Vulnerability Report(No SPF Record)
Date: Thu, 16 Feb 2023 19:21:14 -0000

    Hey Team,

    I am a security researcher, and I have found this vulnerability related to your 
website bash-hackers.org.
    
    Description :


        This report is about a misconfigured SPF record flag, which can be used 
to abuse the organization by posing as its identity,
        which allows a malicious actor to send fake mail on behalf of your 
organization.
        About the Issue :
        As I have seen in the SPF and TXT records for bash-hackers.org:
        
        No valid SPF record found.
        
        Valid SPF records prevent spammers from sending messages with bogus 
From: addresses attached to your domain. You have no SPF records, so spammers can 
send phishing emails using addresses registered on your domain.
        
        So a valid record should look like:

        v=spf1 mx -all
        
    
    Attack Scenario :
        An attacker will send a phishing mail or any other malicious mail to the 
victim via mail: info@bash-hackers.org.
        Even if the victim is aware of phishing attacks,
        he will check the origin email, which will be info@bash-hackers.org,
        so he will be sure that it is not a fake mail and get trapped by the attacker!
        This can be done using any PHP mailer tool like this:
        
        <?php
        $to = "VICTIM@example.com";
        $subject = "Password Change";
        $txt = "Change your password by visiting here - [Malicious link here]";
        $headers = "From: info@bash-hackers.org";
        mail($to, $subject, $txt, $headers);
        ?>

        You can check your SPF record from here : 
http://www.kitterman.com/spf/validate.html !
        Reference :
        
https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
        Have a look at the DigitalOcean article for a better understanding !
         
        Hoping for a bounty for responsibly disclosing this issue to your 
website.

        Regards
        Syed Maaz
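The check the report describes (is there exactly one v=spf1 TXT record, and does its "all" qualifier actually reject unlisted senders?) can be done offline against a domain's published TXT records. The following is an added example for defenders, not code from the report or from the bash-hackers project; the domain names and TXT records are constructed, and a real check would fetch the TXT records over DNS instead of reading SAMPLE_TXT.

```python
"""Assess a domain's SPF posture from its TXT records (RFC 7208 rules, offline)."""
import re

# Constructed sample TXT records; a real check would query DNS for these.
SAMPLE_TXT = {
    "no-spf.example": ["google-site-verification=abc123"],          # like the report
    "strict.example": ["v=spf1 mx -all"],                            # the suggested fix
    "soft.example": ["v=spf1 include:_spf.example.net ~all"],
    "open.example": ["v=spf1 +all"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 a -all"],
}

# Qualifier on the 'all' mechanism -> what happens to an unlisted sending host.
ALL_STATUS = {"-": "ok", "~": "softfail", "?": "neutral", "+": "permissive"}


def spf_records(txt_records):
    """Return only the TXT records that are SPF version-1 policies."""
    return [r for r in txt_records
            if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]


def assess_spf(txt_records):
    """Classify SPF posture; returns (status, detail).

    status is one of: missing, multiple, redirect, no_all, ok, softfail,
    neutral, permissive.  Only 'ok' (-all) makes receivers reject spoofed mail.
    """
    records = spf_records(txt_records)
    if not records:
        return "missing", "no v=spf1 record: spoofed From: addresses are not rejected"
    if len(records) > 1:
        return "multiple", "more than one v=spf1 record: receivers treat this as permerror"
    terms = records[0].split()[1:]
    for term in terms:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            qualifier = m.group(1) or "+"   # RFC 7208: a missing qualifier means '+'
            return ALL_STATUS[qualifier], f"'all' qualifier is '{qualifier}'"
    if any(t.lower().startswith("redirect=") for t in terms):
        return "redirect", "policy delegated via redirect=; evaluate the target domain"
    return "no_all", "no 'all' mechanism: unlisted senders get neutral, not fail"


if __name__ == "__main__":
    for domain, txt in SAMPLE_TXT.items():
        status, detail = assess_spf(txt)
        print(f"{domain:18} {status:10} {detail}")
```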

