Re: Vulnerability Report(No SPF Record)
From: alex xmb ratchev
Subject: Re: Vulnerability Report(No SPF Record)
Date: Thu, 16 Feb 2023 21:27:55 +0100
On Thu, Feb 16, 2023, 8:50 PM Syed Maaz <azmik0725@gmail.com> wrote:
> Hey Team,
>
> I am a security researcher, and I have found this vulnerability related to
> your website bash-hackers.org.
>
> Description :
>
>
> This report is about a misconfigured SPF record flag, which can be
> used to abuse the organization by impersonating its identity,
> which allows a malicious actor to send fake mail on behalf of
> your organization.
> About the Issue:
> As I have seen the SPF and TXT record for bash-hackers.org,
>
> No valid SPF record found.
>
> Valid SPF records prevent spammers from sending messages with
> bogus From: addresses attached to your domain. You have no SPF records,
> so spammers can send phishing emails using email addresses registered on your domain.
>
> so a valid record should look like:
>
> v=spf1 mx -all
>
>
> Attack Scenario:
> An attacker will send a phishing mail or any malicious mail to
> the victim via the address info@bash-hackers.org.
> Even if the victim is aware of phishing attacks,
> he will check the origin email, which will be info@bash-hackers.org,
> so he will be sure that it's not a fake mail and get trapped by the
> attacker!
> This can be done using any PHP mailer tool, like this:
>
> <?php
> // Forged-sender demo from the report: mail() passes whatever From: header
> // the caller supplies, so the visible sender is chosen by the attacker.
> $to      = "VICTIM@example.com";
> $subject = "Password Change";
> $txt     = "Change your password by visiting here - [Malicious link here]";
> $headers = "From: info@bash-hackers.org";
> mail($to, $subject, $txt, $headers);
> ?>
>
> You can check your SPF record from here:
> http://www.kitterman.com/spf/validate.html !
> Reference:
>
> https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliabilityhave
> a look at the DigitalOcean article for a better understanding!
>
the second link says 404
> Hoping for a bounty for responsibly disclosing this issue to your
> website.
>
> Regards
> Syed Maaz
>