Hello Team,
I am a security researcher and I found this vulnerability.
I just sent a forged email to my email address that appears to originate
from mailman(a)lists.frrouting.org
I was able to do this because of the following DMARC record:
DMARC record lookup and validation for: lists.frrouting.org
" No DMARC Record found "
How to reproduce (PoC: attached image):
1. Go to mxtoolbox.com/DMARC.aspx
2. Enter the website. Click GO.
3. You will see the fault (DMARC Quarantine/Reject policy not enabled)
Fix:
1) Publish DMARC record.
2) Enable DMARC Quarantine/Reject policy
3) Your DMARC record should look like
"v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:info@domain.com"
For more information you can use this blog
(https://sendgrid.com/blog/what-is-dmarc/)
<?php
$to = "VICTIM(a)example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
$headers = "From:mailman@lists.frrouting.org
";
mail($to,$subject,$txt,$headers);
?>
Reference :
https://www.knownhost.com/wiki/email/troubleshooting/setting-up_spf-dkim-dm…
Let me know if you need me to send another forged email, or if you have any
other questions.
Hoping for the bounty for my ethical disclosure.
Best Regards
Security Researcher
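
Added example, not part of the original message: a defender-side check that parses a DMARC TXT record and reports the policy a receiver would apply, both to the domain where the record is published and to a subdomain that falls back to it. The function names are this example's own, and the records are constructed samples (the first is the string quoted in the message); no DNS lookup is performed.

```python
# Added example: evaluate a DMARC TXT record offline (RFC 7489 tag semantics).
ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not usable."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # v=DMARC1 must be the first tag. Simplification: a record without p=
    # is treated as unusable here.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1" or "p" not in tags:
        return None
    return tags

def assess(txt, for_subdomain=False):
    """Return (effective_policy, findings).

    for_subdomain=True models a From: domain that has no record of its own
    and inherits the organizational domain's record, where sp= applies.
    """
    tags = parse_dmarc(txt)
    if tags is None:
        return "none", ["no valid DMARC record: receivers apply no policy"]
    policy, findings = tags["p"].lower(), []
    if for_subdomain and "sp" in tags:
        policy = tags["sp"].lower()
        findings.append("sp= overrides p= for subdomains")
    if policy not in ENFORCING:
        findings.append("policy is not quarantine/reject: failures are only reported")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("pct<100: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports will be received")
    return policy, findings

# Constructed samples: the record quoted in the message, a partial rollout,
# and an empty answer standing in for "No DMARC Record found".
EMAIL_RECORD = "v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:info@domain.com"
PARTIAL_RECORD = "v=DMARC1; p=quarantine; pct=50"

if __name__ == "__main__":
    for label, rec, sub in [("domain", EMAIL_RECORD, False), ("subdomain", EMAIL_RECORD, True),
                            ("partial", PARTIAL_RECORD, False), ("missing", "", False)]:
        print(label, assess(rec, sub))
```

With `sp=none` published at the organizational domain, a subdomain without its own `_dmarc` record inherits `none`, so the `sp` value is worth checking alongside `p`.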