Hello Team,
I am a security researcher and I found this vulnerability.
I was able to do this because of the following DMARC record:
" No DMARC Record found "
How to Reproduce (PoC: attached image):
2. Enter the website. Click GO.
3. You will see the fault (DMARC Quarantine/Reject policy not enabled).
Fix:
1) Publish a DMARC record.
2) Enable the DMARC Quarantine/Reject policy.
3) Your DMARC record should look like
For more information you can use this blog
<?php
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
";
mail($to,$subject,$txt,$headers);
?>
Let me know if you need me to send another forged email, or if you have any other questions.
Hoping for the bounty for my ethical disclosure.
Best Regards
Security Researcher