Untitled

Hi Team,

This time I found this bug in your website designbombs.com

Vulnerability Type: No Valid SPF

Description:

I found out that there is no protection for your SMPT against email spoofing for the Following.   



[email protected]


Proof of concept :   

image.png


Check here

--->> http://www.kitterman.com/spf/validate.html

As a result, An attacker would send a Fake email from [email protected] 
The victim is aware of fake email attacks, But when he sees that the mail originated from [email protected], He has no other way than to believe it. Clicking on the link takes him to a website where certain JavaScript is executed which steals his ABOVE VULNERABLEDOMAINS Sensitive Informations. 

TEST SCRIPT:

<?php
$to = "[email protected]";
$subject = "[URGENT] VULBERA WEB PASSWORD RESET LINK or Payment request";
$txt = "Click here! - [VIRUS LINK HERE]";
$headers = "From: [email protected]";
mail($to,$subject,$txt,$headers);
?>

Impact

Case 1 :

we can Send a Fake Email Of Password Reset link where we can attach out fake page to extract the password of the Victim

Case 2 :

Fake Payment Request From Department Like if an attacker sends an email that he needs $500 or more For the Following work blah blah on the following PayPal or etc and send it To Admin 
Using Email like 
[email protected]
so an admin or payment head will see that this email came from his own domain from their payment department and he can send it due to a trusted domain name. 

Thanks.

Sincerely,
John Lee