Sec Bug #77636 Server Security Misconfiguration
Submitted: 2019-02-18 14:38 UTC Modified: 2019-02-23 10:23 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:0 of 0 (0.0%)
From: udayahire147 at gmail dot com Assigned:
Status: Open Package: Systems problem
PHP Version: Irrelevant OS: Windows 10
Private report: No CVE-ID: None
 [2019-02-18 14:38 UTC] udayahire147 at gmail dot com
Description:
------------
Vulnerability Name: DMARC Record Missing (Email Spoofing).

VRT: Server Security Misconfiguration - Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain.

BUG URL: php.net


DESCRIPTION:- 

How to Reproduce the Issue :

1. Go to https://www.dmarcanalyzer.com/dmarc/dmarc-record-check/ and Check for DMARC records of "php.net"

2. Now Go to https://emkei.cz/

-Fill all the Details
-Like :

-Name - HACkEr_lol
-Email From - security@php.net
-Email To - Your Email Address

 etc

-Send Email

3. It will Directly send a Mail from security@php.net to You.


IMPACT:-

An attacker can do email spoofing and can trick any user, as the DMARC record is missing.


With Regards:
-UDAY AHIRE
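
The record check in step 1 of the report can also be done locally on the TXT answers returned for `_dmarc.<domain>`. The following is an added example, not part of the bug report or of PHP's infrastructure: the function names and sample records are constructed, the DNS lookup itself is assumed to be done elsewhere, and the classification follows the policy discovery rules of RFC 7489.

```python
# Added example: classify the TXT strings found at _dmarc.<domain>.
# Function names and all sample records are constructed for illustration.

VALID_POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return a tag dict for one TXT string, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for index, part in enumerate(parts):
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if index == 0 and (not sep or name != "v" or value != "DMARC1"):
            return None          # RFC 7489: v=DMARC1 must be the first tag
        if sep:
            tags.setdefault(name, value)   # malformed parts are ignored
    return tags or None

def assess(txt_records):
    """Summarise what policy a receiver would apply for these TXT answers."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "missing"         # no DMARC record: receivers get no policy
    if len(records) > 1:
        return "ambiguous"       # several DMARC records: none is applied
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid"
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100                # unparsable pct: fall back to the default
    if policy == "none":
        return "monitor-only"    # reports only, spoofed mail is still delivered
    return ("partial-" if pct < 100 else "enforced-") + policy

if __name__ == "__main__":
    samples = {                  # constructed TXT answers, keyed by a label
        "no record": ["v=spf1 -all"],
        "monitoring": ["v=DMARC1; p=none; rua=mailto:dmarc@example.org"],
        "rollout": ["v=DMARC1; p=quarantine; pct=25"],
        "enforced": ["v=DMARC1; p=reject"],
    }
    for label, answers in samples.items():
        print(f"{label}: {assess(answers)}")
```

Only the "enforced-" results tell receivers to act on every failing message; "missing", "ambiguous", "invalid" and "monitor-only" all leave spoofed mail to the receiver's own filtering.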




 [2019-02-23 10:23 UTC] cmb@php.net
-Package: *General Issues +Package: Systems problem
 [2021-11-01 06:00 UTC] pintulloyds at gmail dot com
Go to https://emailauth.io/dmarc-generator and Check for DMARC records of "php.net"
 
Last updated: Fri Nov 22 12:01:29 2024 UTC