Thread: Vulnerability Report (DMARC RECORD)
Hello Team,

I am a security researcher and I found this vulnerability in your website. I just sent a forged email to my email address that appears to originate from pgsql-www@postgresql.org. I was able to do this because of the following DMARC record:

DMARC record lookup and validation for: postgresql.org
"DMARC Quarantine/Reject policy not enabled"

How To Reproduce (POC-ATTACHED IMAGE):
1. Go To - mxtoolbox.com/DMARC.aspx
2. Enter the Website. CLICK GO.
3. You Will See the fault (DMARC Quarantine/Reject policy not enabled)

Fix:
1) Publish DMARC Record.
2) Enable DMARC Quarantine/Reject policy

For more information you can use this blog (https://sendgrid.com/blog/what-is-dmarc/).

<?php
$to = "VICTIM@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
$headers = "From:pgsql-www@postgresql.org";
mail($to,$subject,$txt,$headers);
?>

Reference: https://www.knownhost.com/wiki/email/troubleshooting/setting-up_spf-dkim-dmarc_records

Let me know if you need me to send another forged email, or if you have any other questions.

Hoping for the bounty for my ethical Disclosure.

Kind Regards
Security Researcher
Attachment
On Fri, Apr 16, 2021 at 12:05 PM <arslan.whitehat@inbox.eu> wrote:
>
> Hello Team,
> I am a security researcher and I found this vulnerability in your website.

First of all, this is not a vulnerability. Second, this is not about a website, it's about email.

> Hoping for the bounty for my ethical Disclosure.

Please note that

1. The PostgreSQL open source project does not have a bug bounty program. Individual vendors may, but not the open source project.

2. You announced your "discovery" publicly, that's not the normal way to get a bounty from *any* source. But luckily, it wasn't actually a vulnerability.

//Magnus
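
Added example, not part of the thread or of either poster's message: a small Python classifier for the kind of DMARC policy record that the mxtoolbox check in the report inspects, showing how a monitoring-only record (p=none) differs from a quarantine/reject one. The record strings are constructed for the placeholder domain example.com, and the function names and status labels are assumptions of this example.

```python
"""Classify a DMARC TXT record by how strongly it asks receivers to enforce."""

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Return {tag: value} for a DMARC record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the version tag must come first and be exactly DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:  # skip fragments that have no '='
            tags.setdefault(name.strip().lower(), value.strip())
    return tags


def assess(txt):
    """Summarise the handling requested for mail that fails DMARC."""
    tags = parse_dmarc(txt or "")
    policy = (tags or {}).get("p", "").lower()
    if tags is not None and policy not in VALID_POLICIES and "rua" in tags:
        # RFC 7489 policy discovery: a bad p= with reporting requested is
        # treated as p=none (simplified here to "rua tag is present").
        policy = "none"
    if policy not in VALID_POLICIES:
        return {"status": "no-record", "policy": None, "sp": None, "pct": None}
    sp = tags.get("sp", "").lower()
    sp = sp if sp in VALID_POLICIES else policy  # subdomains inherit p=
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() and int(pct) <= 100 else 100
    if policy == "none":
        status = "monitor-only"   # failures are reported, not acted on
    elif pct < 100:
        status = "partial"        # policy applied to a sample of failing mail
    else:
        status = "enforcing"
    return {"status": status, "policy": policy, "sp": sp, "pct": pct}


# Constructed sample records (not looked up from any real domain).
SAMPLES = {
    "monitoring": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "rollout": "v=DMARC1; p=quarantine; pct=25",
    "strict": "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@example.com",
    "not-dmarc": "v=spf1 -all",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, assess(record))
```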