Untitled

Hi Team,

This time I found this bug in your website designbombs.com

Vulnerability Type: No Valid SPF

Description:

I found out that there is no protection for your SMPT against email spoofing for the Following.   



info@designbombs.com


Proof of concept :   

image.png


Check here

--->> http://www.kitterman.com/spf/validate.html

As a result, An attacker would send a Fake email from support@YOURVULNERABLEDOMAINS.com 
The victim is aware of fake email attacks, But when he sees that the mail originated from support@VULNERABLEDOMAINS.com, He has no other way than to believe it. Clicking on the link takes him to a website where certain JavaScript is executed which steals his ABOVE VULNERABLEDOMAINS Sensitive Informations. 

TEST SCRIPT:

<?php
$to = "VICTIM@email.com";
$subject = "[URGENT] VULBERA WEB PASSWORD RESET LINK or Payment request";
$txt = "Click here! - [VIRUS LINK HERE]";
$headers = "From: attacker@VulnerableDOMAINabove.com";
mail($to,$subject,$txt,$headers);
?>

Impact

Case 1 :

we can Send a Fake Email Of Password Reset link where we can attach out fake page to extract the password of the Victim

Case 2 :

Fake Payment Request From Department Like if an attacker sends an email that he needs $500 or more For the Following work blah blah on the following PayPal or etc and send it To Admin 
Using Email like 
info@designbombs.com
so an admin or payment head will see that this email came from his own domain from their payment department and he can send it due to a trusted domain name. 

Thanks.

Sincerely,
John Lee