On Thu, Feb 16, 2023, 8:50 PM Syed Maaz <[email protected]> wrote:
> Hey Team,
>
> I am a security researcher. I have found this vulnerability related to
> your website bash-hackers.org.
>
> Description :
>
>
> This report is about a misconfigured SPF record flag, which can be
> used to abuse the organization by posing the identity,
> which allows a malicious actor to send fake mail on behalf of
> your organization.
> About the Issue :
> As I have seen the SPF and TXT record for the bash-hackers.org
>
> No valid SPF record found.
>
> Valid SPF records prevent spammers from sending messages with
> bogus From: addresses attached to your domain. You have no SPF records, so
> spammers can send phishing emails using emails registered on your domain.
>
> So a valid record should look like:
>
> v=spf1 mx -all
>
>
> Attack Scenario :
> An attacker will send phishing mail or any malicious mail to
> the victim via mail: [email protected].
> Even if the victim is aware of phishing attacks,
> he will check the origin email, which will be [email protected],
> so he will be sure that it's not fake mail and get trapped by the
> attacker!
> This can be done using any PHP mailer tool like this:
>
> <?php
> $to = "[email protected]";
> $subject = "Password Change";
> $txt = "Change your password by visiting here - [Malicious link here]";
> $headers = "From: [email protected]";
> mail($to,$subject,$txt,$headers);
> ?>
>
> You can check your SPF record from here:
> http://www.kitterman.com/spf/validate.html
> Reference:
>
> https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliabilityhave
> a look at the DigitalOcean article for a better understanding!
>

The second link says 404.

> Hoping for a bounty for responsibly disclosing this issue to your
> website.
>
> Regards
> Syed Maaz
>
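
Added example, not part of the original message or of either correspondent's code: a Python check that classifies the SPF posture the report describes, from "No valid SPF record found" to the suggested "v=spf1 mx -all". The function names and the sample TXT strings are assumptions constructed for illustration; no DNS lookup is performed.

```python
# Added example: classify a domain's SPF posture from its TXT records.
# SPF (RFC 7208) is evaluated against the envelope sender (MAIL FROM/HELO) domain.
# All TXT strings below are constructed samples, not real DNS answers.

ALL_VERDICTS = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass-all"}

def is_spf(record):
    """RFC 7208: the record is exactly 'v=spf1' or begins with 'v=spf1 '."""
    r = record.strip().lower()
    return r == "v=spf1" or r.startswith("v=spf1 ")

def audit_spf(txt_records):
    """Return (verdict, detail) for the TXT strings published at one domain."""
    spf = [r.strip() for r in txt_records if is_spf(r)]
    if not spf:
        return ("none", "no SPF record: receivers have no sender policy to check")
    if len(spf) > 1:
        return ("permerror", "more than one SPF record: evaluation ends in permerror")
    redirect = None
    for term in spf[0].split()[1:]:
        t = term.lower()
        if t.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier = "+"                 # default qualifier when none is written
        if t[0] in "+-~?":
            qualifier, t = t[0], t[1:]
        if t == "all":                  # terms after 'all' are never evaluated
            return (ALL_VERDICTS[qualifier], f"policy ends in {qualifier}all")
    if redirect:
        return ("redirect", f"policy delegated to {redirect}; audit that domain too")
    return ("neutral", "no 'all' and no redirect: unmatched senders get neutral")

# Constructed sample record sets, one per posture worth distinguishing.
SAMPLES = {
    "missing": ["site-verification=constructed-token"],
    "suggested": ["v=spf1 mx -all"],
    "softfail": ["v=spf1 mx ~all"],
    "allow-anyone": ["v=spf1 +all"],
    "duplicate": ["v=spf1 mx -all", "v=spf1 a -all"],
    "open-ended": ["v=spf1 mx"],
}

if __name__ == "__main__":
    for name, records in SAMPLES.items():
        print(f"{name:13} {audit_spf(records)}")
```

Only the "hardfail" verdict matches the record suggested in the report; "none", "permerror", "pass-all" and "neutral" all leave receivers without a usable reject policy.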