After spending 2 to 3 months looking for bugs I couldn’t find anything. So I went on HackerOne’s Hacktivity page where you can read disclosed reports of vulnerabilities reported by researchers.
As I was reading the reports I found this vulnerability that I didn’t know about. The vulnerability was that you can spoof their email address and then the attacker can send emails from their email address which could lead to sending fake emails or attempts of phishing.
To see if you can send an email of a target domain you need to check if it has an SPF (Sender Policy Framework) Record. Its basically a framework that checks which hosts are authorized to send mail for a domain.
To check this visit https://www.kitterman.com/spf/validate.html There are many websites to check this but I find this very simple. Just type the domain name and click on Get SPF Record (if any).
For eg: If you receive an email like support@example.com then type example.com
If you get No valid SPF record you probably can send an email using that domain. To send an email visit https://emkei.cz . A lot of websites are available to send emails I just find this easy to use and the emails are received fairly quick. Fill in all the details and hit send and if you receive an email from that domain its vulnerable.
I tried this on the websites that I used to hack and 3 of them didn’t have the SPF record and so I reported them and after a few days they replied.
The first one turned out duplicate which led me thinking that the other two would be duped as well cause how easy it was to find, but they turned out to be valid and I received a bounty for it. 😁
Hope you find this useful, I tried my best to explain. Please share so that others can learn from it.
Follow me on X — https://x.com/abhishekY495
Thank You.
