Vulnerability Found
vishal kumar vachheta
vishalsvachheta at gmail.com
Sun Sep 30 16:08:24 EDT 2018
Vulnerability Name : Missing/insufficient SPF Record
Vulnerability Description :
An SPF record is a Sender Policy Framework record and is used to indicate
to mail exchanges which hosts are authorized to send mail for a domain. It
is defined in RFC 4408 and clarified by RFC 7208.
Impact of this Vulnerability :
An SPF record is a type of Domain Name Service (DNS) record that identifies
which mail servers are permitted to send email on behalf of your domain.
The purpose of an SPF record is to prevent spammers from sending messages
with forged From addresses at your domain.
Vulnerable URL : " https://pidgin.im/ "
How to reproduce this vulnerability :
I just checked for SPF records for the myshopify.com domain, and there are
none, effectively allowing for spam to originate from that domain. You can
validate by testing yourself here:
http://www.kitterman.com/spf/validate.html
POC :
Response :
Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20181001/d9a2f3d6/attachment.html>
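The check the report describes (is an SPF record published, and does it restrict senders) can be run against a domain's TXT answers as below. This is an added example, not part of the original message or of any project's code; the function name assess_spf, its status labels, and the sample records in the usage note are constructed for illustration.

```python
# Added example: grade a domain's TXT answers for SPF coverage (RFC 7208).
# All record strings passed in are constructed samples, not live DNS data.

def assess_spf(txt_records):
    """Return (status, detail) for the TXT strings published at one name."""
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return ("missing", "no v=spf1 record published")
    if len(spf) > 1:
        # RFC 7208 section 4.5: more than one SPF record is a permerror.
        return ("invalid", "multiple v=spf1 records (permerror)")

    terms = spf[0].split()[1:]
    for term in terms:
        qualifier, mech = "+", term.lower()
        if mech[0] in "+-~?":
            qualifier, mech = mech[0], mech[1:]
        if mech == "all":
            # Evaluation stops at the first "all"; its qualifier is the
            # verdict for every sender no earlier mechanism matched.
            if qualifier == "-":
                return ("strict", "unlisted senders fail")
            if qualifier == "~":
                return ("softfail", "unlisted senders only softfail")
            return ("insufficient",
                    f"'{qualifier}all' does not reject unlisted senders")
    # redirect= is only reached when no mechanism matched, so an "all"
    # term always shadows it.
    for term in terms:
        if term.lower().startswith("redirect="):
            return ("delegated", "policy lives at " + term.split("=", 1)[1])
    return ("insufficient", "no 'all' term; unlisted senders get neutral")
```

Feed it the strings returned by a TXT lookup for the domain, for example assess_spf(["v=spf1 mx -all"]) for a restrictive record or assess_spf([]) when nothing is published.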