Email Spoofing
Low
P
PortSwigger Web Security
Submitted None
Actions:
Reported by
dhamu007
Vulnerability Details
Technical details and impact analysis
There is an Email Spoofing Vulnerability.
Steps to reproduce:
1) Go to http://emkei.cz/
2) Fill "From Email" field to [email protected] or any other portswigger email.
3) Fill the victim's address (your address) to "TO" field and fill in other details as you wish.
You will receive email from portswigger.net admin.
Reference:
https://hackerone.com/reports/575
Note: If you don't find it in your inbox, see spam folder. If the victim is using Gmail account it might be in spam folder. In other mailing service like yahoo it is directly received in inbox.
Report Details
Additional information and metadata
State
Closed
Substate
Not-Applicable
Submitted
Weakness
Violation of Secure Design Principles