Hi there,
Kindly update me regarding the issue and hoping for a bug bounty from you for sending this bug ethically to you.
Waiting for your response
Always Best Regards

On Thu, Mar 31, 2022 at 9:58 PM Arslan kabeer <[email protected]> wrote:
> Hello Team,
> I am a security researcher and I found this vulnerability.
> I just sent a forged email to my email address that appears to originate
> from [email protected]
> I was able to do this because of the following DMARC record:
>
> DMARC record lookup and validation for: formilux.org
>
> " No DMARC Record found "
>
> How To Reproduce(POC-ATTACHED IMAGE):-
> 1.Go To- mxtoolbox.com/DMARC.aspx
> 2.Enter the Website.CLICK GO.
> 3.You Will See the fault(DMARC Quarantine/Reject policy not enabled)
>
> Fix:
> 1)Publish DMARC Record.
> 2)Enable DMARC Quarantine/Reject policy
> 3)Your DMARC record should look like
> "v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:
> [email protected]"
>
> For more information you can use this blog
> (https://sendgrid.com/blog/what-is-dmarc/).
>
> <?php
> $to = "[email protected]";
> $subject = "Password Change";
> $txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
> $headers = "From:[email protected]
> ";
> mail($to,$subject,$txt,$headers);
>
> ?>
>
> Reference :
> https://www.knownhost.com/wiki/email/troubleshooting/setting-up_spf-dkim-dmarc_records
>
>
> Let me know if you need me to send another forged email, or if you have any
> other questions.
>
>
> Hoping for the bounty for my ethical Disclosure.
> Best Regards
> Security Researcher
>
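An added example, not part of the original message or of any project's code: an offline audit of the TXT strings published at `_dmarc.<domain>`, following the RFC 7489 tag syntax and policy-discovery rules. The function names and the `example.org` report address are constructed; the sample record otherwise uses the tags from the record quoted in the email, whose `sp=none` leaves subdomains in monitoring mode.

```python
# Added example: audit DMARC TXT strings offline (no DNS lookup is performed).
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(txt):
    """Return a dict of tags, or None if the string is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the v tag must come first and its value must be DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    pairs = (p.split("=", 1) for p in parts if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_dmarc(txt_records):
    """Return findings for the TXT strings found at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return ["no DMARC record: receivers apply no DMARC policy"]
    if len(records) > 1:
        return ["multiple DMARC records: receivers ignore all of them"]
    tags, findings = records[0], []
    p = tags.get("p", "").lower()
    if p not in STRENGTH:
        return ["p tag missing or invalid"]
    sp = tags.get("sp", p).lower()  # sp defaults to p when absent
    if STRENGTH[p] == 0:
        findings.append("p=none: monitoring only, failing mail is still delivered")
    if sp in STRENGTH and STRENGTH[sp] < STRENGTH[p]:
        findings.append(f"sp={sp} is weaker than p={p}: subdomains are not enforced")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports to monitor")
    return findings

# Constructed sample inputs; the report address is a placeholder.
SUGGESTED = ("v=DMARC1; p=reject; sp=none; pct=100; ri=86400; "
             "rua=mailto:dmarc-reports@example.org")
SAMPLES = {
    "no record (only SPF at the name)": ["v=spf1 -all"],
    "record suggested in the email": [SUGGESTED],
    "enforced on domain and subdomains": [
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org"],
}

if __name__ == "__main__":
    for label, txts in SAMPLES.items():
        print(label, "->", audit_dmarc(txts) or ["no findings"])
```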

