Email (spoofing)


David silva

Oct 17, 2021, 6:42:28 PM
to nebula-or...@googlegroups.com
Hello Team,

I am a security researcher and I found some vulnerabilities in your site; one of them is as follows:

DESCRIPTION:

I just sent a forged email to my email address that appears to originate from nebula-or...@googlegroups.com. I was able to do this because of the following DMARC record:
DMARC record lookup and validation for: googlegroups.com
"No DMARC Record found"
Or/And
"No DMARC Reject Policy"

FIX:
1) Publish DMARC Record. (If not already published)
2) Enable DMARC Quarantine/Reject policy
3) Your DMARC record should look like
"v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:in...@domain.com"

This can be done using any PHP mailer tool like this,
<?php
// recipient, subject and body of the forged message
$to = "VIC...@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
// the From: header is set to the address being spoofed
$headers = "From: nebula-or...@googlegroups.com";
mail($to, $subject, $txt, $headers);
?>

You can check your DMARC record from here:
https://mxtoolbox.com/SuperTool.aspx?action=mx%3alition.io&run=toolpage

Reference: https://www.knownhost.com/wiki/email/troubleshooting/setting-up_spf-dkimdmarc_records

Let me know if you need me to send another forged email, or if you have any other questions. I'm hoping to receive a bounty reward for my current finding.
I will be looking forward to hearing from you on this and will be reporting other vulnerabilities accordingly.

Stay Safe & Healthy.
davidofficial

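To give the DMARC check from the post above a reproducible form, here is an added Python example (written for this page, not the poster's code and not a Google Groups or MXToolbox tool) that evaluates the TXT strings published at _dmarc.<domain> against RFC 7489. It reports the two conditions the post names, no record and no reject policy, together with the weaker cases a practitioner also wants flagged: p=none or p=quarantine, a pct below 100, a subdomain policy weaker than the organisational one (the record suggested in the post, with sp=none beside p=reject, is such a case), and a missing rua reporting address. The DNS lookup itself is left to the caller, for example "dig +short TXT _dmarc.example.com"; the sample records and the example.com addresses below are constructed.

```python
"""Assess how well a domain's DMARC policy blocks spoofed mail (RFC 7489).

Added example: feeds the TXT strings found at _dmarc.<domain> into a small
evaluator and reports "no record", "no reject policy" and the weaker cases
(monitor-only, partial enforcement, weaker subdomain policy, no reporting).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

VALID_POLICIES = ("none", "quarantine", "reject")
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}


@dataclass
class DmarcAssessment:
    present: bool                    # exactly one valid DMARC record was found
    policy: Optional[str]            # effective p= policy receivers will apply
    subdomain_policy: Optional[str]  # effective policy for subdomains (sp=, default p=)
    pct: int                         # share of failing mail the policy applies to
    findings: List[str] = field(default_factory=list)


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a 'tag=value; tag=value' TXT string into a dict.

    Returns {} for anything that is not a DMARC record: RFC 7489 requires
    'v=DMARC1' to be the first tag and to match exactly (case-sensitive).
    Tag names are lower-cased here for lenient lookup.
    """
    tags: Dict[str, str] = {}
    first = True
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        key, value = key.strip().lower(), value.strip()
        if first and (key != "v" or value != "DMARC1"):
            return {}
        first = False
        tags.setdefault(key, value)  # on duplicate tags keep the first one
    return tags if "v" in tags else {}


def assess_dmarc(txt_records: List[str]) -> DmarcAssessment:
    """Evaluate the TXT strings published at _dmarc.<domain> (caller does the DNS lookup)."""
    parsed = [p for p in (parse_dmarc(r) for r in txt_records) if p]
    if not parsed:
        return DmarcAssessment(False, None, None, 100, [
            "No DMARC record found: receivers apply no policy to mail that fails "
            "SPF/DKIM alignment, so the From: address can be forged freely"])
    if len(parsed) > 1:
        # RFC 7489 6.6.3: more than one DMARC record ends processing, same as having none
        return DmarcAssessment(False, None, None, 100, [
            "Multiple DMARC records published: receivers ignore all of them"])

    tags = parsed[0]
    findings: List[str] = []

    policy = tags.get("p", "").lower()
    sub_policy = tags.get("sp", policy).lower()
    if policy not in VALID_POLICIES or sub_policy not in VALID_POLICIES:
        # RFC 7489 6.6.3: a missing/invalid p= or sp= makes receivers fall back to p=none
        findings.append("p= or sp= tag missing or invalid; receivers fall back to p=none")
        policy = sub_policy = "none"

    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() and 0 <= int(pct_raw) <= 100 else 100

    if policy == "none":
        findings.append("p=none is monitor-only: spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends spoofed mail to spam instead of rejecting it")
    if pct < 100:
        findings.append(f"pct={pct}: only {pct}% of failing messages get the policy applied")
    if STRENGTH[sub_policy] < STRENGTH[policy]:
        findings.append(f"sp={sub_policy} is weaker than p={policy}: "
                        "mail from subdomains can still be spoofed")
    if not tags.get("rua", "").lower().startswith("mailto:"):
        findings.append("no rua= address: you will not receive aggregate reports of spoofing attempts")
    return DmarcAssessment(True, policy, sub_policy, pct, findings)


# Constructed sample records (example.com addresses, not real DNS data)
SAMPLE_RECORDS = {
    "no record":       [],
    "spf only":        ["v=spf1 include:_spf.example.com -all"],
    "monitor only":    ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "proposed record": ["v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:dmarc@example.com"],
    "strict":          ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}

if __name__ == "__main__":
    for name, records in SAMPLE_RECORDS.items():
        a = assess_dmarc(records)
        print(f"{name:16} present={a.present} p={a.policy} sp={a.subdomain_policy} pct={a.pct}")
        for finding in a.findings:
            print("   -", finding)
```

Running the script prints one line per sample record followed by its findings; the "proposed record" entry shows that p=reject alone is not the whole story, since its sp=none leaves subdomains in monitor-only mode.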

David silva

Oct 25, 2021, 5:34:03 AM
to nebula-or...@googlegroups.com
Hello,
Is there any update on this bug? I'm hoping to receive a bounty reward for responsible disclosure once your team has validated the issue.

I will be waiting for your response.

Kind Regards.

David silva

Dec 23, 2021, 11:49:13 AM
to nebula-or...@googlegroups.com
Hello,
Is there any update on this bug? I'm hoping to receive a bounty reward for responsible disclosure once your team has validated the issue.

I will be waiting for your response.

Kind Regards.
