- From: Salvation X <salvationx30@gmail.com>
- Date: Mon, 29 Jun 2020 01:06:23 +0530
- To: public-security-disclosure@w3.org
- Message-ID: <CAOy4sis8Lfq0N+R4QeyhWtvPjaxms=0bJArZuvPuLrRYHxhuTA@mail.gmail.com>
Name = Tushar marwa
Mail=salvationx30@gmail.com
Vulnerability Name = SPF Record Missing
Vulnerability Severity = Medium
What Is an SPF Record?
An SPF record is a type of Domain Name Service (DNS) record that identifies
which mail servers are permitted to send email on behalf of your domain.
The purpose of an SPF record is to prevent spammers from sending messages
with forged From addresses at your domain.
Checking Missing SPF:-
There are various ways of checking for missing SPF records on a website, but the
most common and popular way is kitterman.com.
Steps to check SPF records on a website:-
Go to http://www.kitterman.com/spf/validate.html
Enter the target website, e.g. target.com (do not add https/http or www)
Hit "Check SPF" (if any)
If you see an SPF record, the domain is not vulnerable, but if you see
nothing here then "HURRAY! You found a bug".
Attack Scenario & PoC:-
Once there are no SPF records, an attacker can spoof email via any fake
mailer like Emkei.cz. An attacker can send an email with the name "Support" and
the address "support@target.com"; with a social engineering attack he can take over
a user account. Let's say the victim knows about phishing attacks, but when he sees
the email from the authorized domain, he gets tricked easily.
Vulnerable Domain - www.w3.org
For testing I am forging wai@w3.org.
How to reproduce this:
Go to https://emkei.cz
Fill in all the details,
like:
Name - support-w3
Email - wai@w3.org
To - your email address
etc.
Send the email.
It will directly send a mail from wai@w3.org to you.
Impact
Once there are no SPF records, an attacker can spoof email via any fake
mailer like Emkei.cz. An attacker can send an email with the name "Support" and
the address "support@target.com"; with a social engineering attack he can take over
a user account. Let's say the victim knows about phishing attacks, but when he sees
the email from the authorized domain, he gets tricked easily.
Attachments
- image/png attachment: W.org_Vulnerability.PNG
Received on Monday, 29 June 2020 15:13:09 UTC
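Editor's added example, not part of the disclosure above: the report checks for an SPF record by hand through a web form, and the "What Is an SPF Record?" section explains that the record lists the hosts allowed to send for a domain. The block below shows what a receiving mail server does with that record, as a small offline evaluator for the common SPF mechanisms (`ip4`, `ip6`, `include`, `all`, `redirect=`). The DNS data in `FAKE_TXT` is constructed for the example and the domain names in it are made up; a real checker would replace `lookup_txt` with a live TXT query. It reports "none" for a domain with no record, which is the condition the report calls "SPF Record Missing". One practical caveat for readers using this: SPF is evaluated against the envelope sender (SMTP MAIL FROM) and HELO identity, not the From header a user sees, so the header-level protection the report describes also depends on the domain publishing a DMARC policy.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (assumption: invented records,
# not any real domain's DNS data), so the example runs offline.
FAKE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all"],
    "_spf.mailer.example": ["v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all"],
    "legacy.example": ["v=spf1 redirect=example.com"],
    "nospf.example": ["google-site-verification=abc123"],  # TXT but no SPF
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(domain):
    """Return the TXT strings for a domain (offline stub for a DNS query)."""
    return FAKE_TXT.get(domain.lower(), [])


def get_spf(domain):
    """Return the domain's single v=spf1 record, or None if it has none.
    RFC 7208 treats more than one SPF record as a permanent error, so a
    domain with two records is reported the same way as a missing one here."""
    recs = [r for r in lookup_txt(domain) if r.lower().startswith("v=spf1")]
    return recs[0] if len(recs) == 1 else None


def spf_missing(domain):
    """True when no usable SPF record is published (the report's finding)."""
    return get_spf(domain) is None


def check_spf(domain, ip, depth=0):
    """Evaluate a sending IP against a domain's SPF record.
    Returns 'none', 'pass', 'fail', 'softfail', 'neutral' or 'permerror'."""
    if depth > 10:  # RFC 7208 caps DNS-querying terms; avoid include loops
        return "permerror"
    record = get_spf(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        if "=" in term and ":" not in term.split("=", 1)[0]:
            # Modifier (redirect=, exp=), not a mechanism
            key, _, val = term.partition("=")
            if key.lower() == "redirect":
                redirect = val
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                # A v4 address is never "in" a v6 network and vice versa
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "include":
            # include matches only when the referenced record yields "pass"
            matched = check_spf(arg, ip, depth + 1) == "pass"
        else:
            # a, mx, ptr, exists need live DNS; skipped in this offline example
            continue
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:
        return check_spf(redirect, ip, depth + 1)
    return "neutral"  # no mechanism matched and no "all" term


if __name__ == "__main__":
    for dom in ("example.com", "nospf.example"):
        print(dom, "SPF missing" if spf_missing(dom) else "SPF present")
    for ip in ("192.0.2.77", "198.51.100.10", "2001:db8::1", "203.0.113.5"):
        print("example.com", ip, "->", check_spf("example.com", ip))
```

Run as-is it prints the pass/fail decision for each constructed sender; the `203.0.113.5` case shows why `-all` matters: the included record only softfails that address, so the outer record's `-all` is what turns it into a hard fail.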