Hey Team,
I am a security researcher,I have found this vulnerability related to your
website bash-hackers.org.
Description :
This report is about misconfigured spf record flag , which can be use
to abuse the organization by posing the identity ,
which allows to send fake mail by malicious actor on behalf of your
organization.
About the Issue :
As I have seen the SPF and TXT record for the bash-hackers.org
No valid SPF record found.
Valid SPF records prevent spammers from sending messages with bogus
From: addresses attached to your domain. You have no spf records spammers can
send phishing emails using emails registered on your domain.
so valid record should look like
:v=spf1 mx -all
Attack Scenario :
An attacker will send phishing mail or anything malicious mail to the
victim via mail :i...@bash-hackers.org ,
even if the victim is aware of phishing attack ,
he will check the Origin email which will be i...@bash-hackers.org ,
so he will be sure that its not fake mail and get trapped by attacker!
This can be done using any php mailer tool like this ,
<?php
$to = "vic...@example.com";$subject = "Password Change";
$txt = "Change your password by visiting here - [Malicious link here]";
$headers = "From: i...@bash-hackers.org";
mail($to,$subject,$txt,$headers);
?>
You can check your SPF record form here :
http://www.kitterman.com/spf/validate.html !
Reference :
https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliabilityhave
a look on the digitalocean article for the better understanding !
Hoping for a bounty for responsibly disclosing this issue to your
website.
Regards
Syed Maaz
