How I was able to send emails from anyone to anyone

2 weeks ago 18
BOOK THIS SPACE FOR AD
ARTICLE AD

Muhammad Zeeshan

As a bug bounty hunter, our job is to find security flaws in websites and applications. Most people think bug hunting is about finding complex vulnerabilities, but sometimes the simplest bugs can lead to the biggest discoveries.

Few years ago, while exploring a website lets say its called redacted.com that handles online stores and stuff, I stumbled upon a seemingly not harmful feature: the ability for users to set their sender email address. This email address is used later to send emails to customers or public. At first, this feature seemed harmless — after all, it’s common for users to customize their email settings.

However, as I dug deeper, I realized that there was no email verification involved when setting the sender email. So whenever you sent an email through their mail providers, with the sender email option, the attacker could easily impersonate anyone and send emails to anyone on behalf of somebody else on the platform or even in general. For example you could use any kind of mail like support@facebook.com or any kind of Gmails, Hotmails etc. or even can sent mails on behalf of other merchants that have their stores on platform.

Unfortunately, after 2 days of pending review — it was later decided that it was already an internal finding and the report was closed as internal duplicate. Later the bug got fixed.

So moral of the story is, sometimes things are right in front of you, you just don’t care to look at it.

Till this day its a simple but honestly I think was my most coolest find. Was really feeling like a hacker on this one. :D

I hope you enjoyed it, Thank you. :)

Read Entire Article