Vulnerability Name: DMARC RECORD MISSING
Vulnerable URL: https://www.sparta.eu/
HOW TO REPRODUCE (POC ATTACHED):
1. Go to https://mxtoolbox.com/
2. Enter the website (sparta.eu) and click Go.
3. You will see the fault (No DMARC Record found).
4. In the new page that loads, change MXLookup to DMARCLookup.
Extra information
Impact:
Spammers can forge the "From" address on email messages to make messages
appear to come from someone in your domain.
If spammers use your domain to send spam or junk email, your domain quality
is negatively affected.
People who get the forged emails can mark them as spam or junk, which can
impact authentic messages sent from your domain.
Attachment:
Vulnerability Name: No valid SPF record.
DESCRIPTION:
An SPF record is a type of Domain Name Service (DNS) record that identifies
which mail servers are permitted to send email on behalf of your domain.
The purpose of an SPF record is to prevent spammers from sending messages
with forged From addresses at your domain.
Vulnerable Domain: sparta.eu
Steps To Reproduce:
1) Checking Missing SPF:
There are various ways of checking missing SPF records on a website, but the
most common and popular way is kitterman.com.
Steps to check SPF records on a website:
Go to http://www.kitterman.com/spf/validate.html
Enter the target website, e.g. sparta.eu (do not add https/http or www), and
hit Check SPF (IF ANY).
If you see any SPF record, then the domain is not vulnerable, but if you see
no SPF record here, it is vulnerable.
2) Attack Scenario & PoC:
Once there are no SPF records, an attacker can spoof email via any fake
mailer like Emkei.cz. An attacker can send an email from the name "Security"
and the email "security(a)target.com". With a social engineering attack he
can take over a user account. Even if the victim knows about phishing
attacks, when he sees the email from the authorized domain he gets tricked
easily.
Exploit:
For testing I am forging support(a)sparta.eu.
How to reproduce this:
1. Go to https://emkei.cz/
2. Fill in all the details, like:
Name - support sparta
Email - support(a)sparta.eu
To - my email address
etc., and send the email.
3. It will directly send a mail from support(a)sparta.eu to my email.
Impact:
Attacker can use the official mail for a phishing attack. As it is from the
official mail, the user will definitely trust it and will be tricked into the
phishing trap.
Attachment:
Vulnerability Name: Clickjacking
Target URL: https://www.sparta.eu/
Vulnerability Description:
Clickjacking (User Interface redress attack, UI redress attack, UI
redressing) is a malicious technique of tricking a Web user into clicking
on something different from what the user perceives they are clicking on,
thus potentially revealing confidential information or taking control of
their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header, which means that this
website could be at risk of a clickjacking attack. The X-Frame-Options
HTTP response header can be used to indicate whether or not a browser
should be allowed to render a page in a <frame> or <iframe>. Sites can use
this to avoid clickjacking attacks, by ensuring that their content is not
embedded into other sites.
Typically there is one type of attack, cross site request forgery (CSRF),
that can interact with functions on other websites.
1) This vulnerability affects the Web Server.
<html>
<head>
<title>Clickjack test page</title>
<style>
/* overlay button drawn above the framed site */
#myBtn {
  z-index: 999;
  position: absolute;
  top: 100px;
  right: 50px;
  color: white;
  background-color: red;
}
</style>
</head>
<body>
<!-- <h1>A Sample Test Page</h1>
<p>Website is vulnerable to click jacking!</p>
<p>Avoid random clicks</p> -->
<!-- the target site is loaded into a frame placed beneath the overlay -->
<div style="z-index:-9999; position:absolute; top:0; left:0; width:70%; height:70%">
<iframe src="https://www.sparta.eu/" name="frame1" width="100%" height="100%"></iframe>
</div>
<div align="right" style="position:absolute; top:1; left:0; z-index:1; width:70%; height:60%; text-align:left;">
<a href="https://www.sparta.eu/" target="_blank"><button id="myBtn">click here</button></a>
<!-- <a href="https://www.sparta.eu/"><button id="myBtn">Open Modal</button></a> -->
<div id="myModal" class="modal">
<!-- Modal content -->
</div>
</div>
</body>
</html>
2. Save it as <any name>.html, e.g. s.html.
3. Just open that and click on the button (direct login); it redirects to
https://www.sparta.eu/
As far as I know this data is enough to prove that your site is
vulnerable to clickjacking.
Impact:
An attacker may trick users by sending them a malicious link; the user opens
it, clicks on some image, and their account is unconsciously deactivated.
Attachment:
Hi team,
While performing security testing of your website I have found the
vulnerability called Clickjacking.
Many URLs are in scope and vulnerable to Clickjacking.
What is Clickjacking?
Clickjacking (User Interface redress attack, UI redress attack, UI
redressing) is a malicious technique of tricking a Web user into clicking
on something different from what the user perceives they are clicking on,
thus potentially revealing confidential information or taking control of
their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this
website could be at risk of a clickjacking attack. The X-Frame-Options HTTP
response header can be used to indicate whether or not a browser should be
allowed to render a page in a <frame> or <iframe>. Sites can use this to
avoid clickjacking attacks, by ensuring that their content is not embedded
into other sites.
This vulnerability affects Web Server.
Steps to Reproduce / POC
Vulnerable URLs: https://www.sparta.eu
Put every URL above one by one in the iframe code given below.
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<title>I Frame</title>
</head>
<body>
<h3>clickjacking vulnerability</h3>
<!-- the page under test is loaded into a plain frame -->
<iframe src="https://www.sparta.eu" height="550px" width="700px"></iframe>
</body>
</html>
By Ridoy Mia
mdridoymia660(a)gmail.com
Notice that the site is visible in the iframe.
The POC is in the attachments. Thanks, waiting for your response.
Impact
Using a similar technique, keystrokes can also be hijacked. With a
carefully crafted combination of stylesheets, iframes, and text boxes, a
user can be led to believe they are typing in the password to their email
or bank account, but are instead typing into an invisible frame controlled
by the attackers.
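One way a defender verifies the fix both clickjacking reports ask for, as an added Python example that is not part of either report (the header values are constructed samples): the check treats a CSP frame-ancestors directive as authoritative when present, and otherwise falls back to X-Frame-Options.

```python
"""Check whether an HTTP response forbids being framed (added example, not code
from either clickjacking report above). It mirrors what browsers do: a CSP
frame-ancestors directive, when present, takes precedence over X-Frame-Options;
otherwise X-Frame-Options DENY or SAMEORIGIN blocks cross-site framing.
"""

def _header(headers, name):
    """Case-insensitive lookup of one response header; None if absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None

def frame_ancestors(csp_value):
    """Source list of the frame-ancestors directive, or None if the CSP lacks it."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.strip("'").lower() for t in tokens[1:]]
    return None

def framing_status(headers):
    """'blocked', 'same-origin-only', 'restricted' (explicit allow-list) or 'unprotected'."""
    csp = _header(headers, "Content-Security-Policy")
    sources = frame_ancestors(csp) if csp is not None else None
    if sources is not None:  # CSP decides; browsers ignore X-Frame-Options here
        if sources in ([], ["none"]):
            return "blocked"
        if sources == ["self"]:
            return "same-origin-only"
        return "restricted"
    xfo = _header(headers, "X-Frame-Options")
    if xfo is not None:
        value = xfo.strip().upper()
        if value == "DENY":
            return "blocked"
        if value == "SAMEORIGIN":
            return "same-origin-only"
    return "unprotected"  # missing or unrecognised header: any site may frame the page

# Constructed samples: the weak response (what the reports describe) beside the fixed one.
WEAK_RESPONSE = {"Content-Type": "text/html", "Server": "example"}
FIXED_RESPONSE = {
    "Content-Type": "text/html",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}
```

Feeding the headers of a real response into framing_status gives the same verdict the reports reach by loading the page in an iframe, without needing a test page.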
Dear Team,
I am Vaishnavi Pardeshi, working as a security researcher, and I found a bug
in your website. The report of the bug is as follows.
a) VULNERABILITY TYPE - SPF RECORD NOT FOUND
b) HOW TO REPRODUCE (POC ATTACHED IMAGE):
1. Go to https://www.kitterman.com/spf/validate.html
2. Put this "sparta.eu" and click GET SPF RECORD.
3. You will see the fault (NO SPF RECORD FOUND).
4. The new page that loads shows NO SPF RECORD FOUND.
c) Impact
Not having an SPF (Sender Policy Framework) record for a domain may help an
attacker to send spoofed email, which will look like it originated from the
real domain. Not only that, but this will also result in emails landing in
the SPAM box when SPF is missing.
d) Solution:
Enable SPF RECORD
Kind regards,
Vaishnavi Pardeshi
Hi Team
A DMARC record is the record where the DMARC rulesets are defined. This
record informs the ISPs (like Gmail, Microsoft, Yahoo! etc.) if a domain is
set up to use DMARC. The DMARC record contains the policy. The DMARC record
should be placed in your DNS. The TXT record name should be
"_dmarc.yourdomain.com." where "yourdomain.com" is replaced with your actual
domain name (or subdomain).
After DMARC has been implemented, it allows you to:
Monitor, detect, and fix real-world problems with your email delivery
See the email volumes you are delivering to inboxes (including which ones)
Identify threat emails pretending to come from your domain (i.e.,
spoofing/phishing)
Control the delivery of your email and defend against spoofing attacks.
Steps To Reproduce:
1) Checking Missing DMARC:
There are various ways of checking missing DMARC records on a website, but
the most common and popular way is mxtoolbox.com.
Steps to check DMARC records on a website:
Go to https://mxtoolbox.com
Enter the target, e.g. sparta.eu (do not add https/http or www), and hit
MXlookup (IF ANY).
Or you can simply open this link:
https://mxtoolbox.com/SuperTool.aspx?action=mx%3asparta.eu&run=toolpage
If you see any DMARC record, then the domain is not vulnerable, but it can
still be vulnerable if the policy for the domain is set to "p=none".
2) Attack Scenario & PoC:
Once there are no DMARC records, an attacker can spoof email via any fake
mailer like Emkei.cz. An attacker can send an email from the name "Support"
and the email "support(a)target.com". With a social engineering attack he
can take over a user account. Even if the victim knows about phishing
attacks, when he sees the email from the authorized domain he gets tricked
easily.
Exploit:
Name: Hacked
Email: security(a)sparta.eu
To - your email address
etc.
3) It will directly send a mail from security(a)sparta.eu to you in your
inbox, not in spam.
Solution
Once SPF and DKIM are in place, you configure DMARC by adding policies to
your domain's DNS records in the form of TXT records (just like with SPF or
DKIM).
The TXT record name should be _dmarc.yourdomain.com where yourdomain.com is
replaced with your actual domain name (or subdomain), and set the policy for
the domain to p=reject.
For more details visit:
https://www.dmarcanalyzer.com/how-to-create-a-dmarc-record
Impact
Attacker can use the official career mail of security(a)sparta.eu for a
phishing attack. The career email of sparta.eu is security(a)sparta.eu. As
it is from the official mail, the user will definitely trust it and will be
tricked in phishing.
Thanks
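A defender-side check for the SPF and DMARC findings across the reports above (the SPF description, the "p=none" caveat and the p=reject solution), as an added Python example that is not part of any report: it classifies the published TXT records and reports whether the visible From header is still spoofable. Record strings here are constructed samples; the lookup names assumed are the domain itself for SPF and _dmarc.<domain> for DMARC.

```python
"""Assess SPF and DMARC TXT records for spoofing exposure (added example, not
code from the reports above). Input is the TXT record strings themselves, so it
runs offline; a real check would look up "<domain>" (SPF) and "_dmarc.<domain>".
"""

def parse_dmarc(txt_records):
    """Return the tag dict of the first DMARC record, or None if there is none."""
    for txt in txt_records:
        if txt.strip().lower().startswith("v=dmarc1"):
            tags = {}
            for part in txt.split(";"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    tags[key.strip().lower()] = value.strip()
            return tags
    return None

def assess_dmarc(txt_records):
    """'missing', 'invalid', 'monitor-only' (p=none), 'quarantine' or 'reject'."""
    tags = parse_dmarc(txt_records)
    if tags is None:
        return "missing"
    policy = tags.get("p", "").lower()
    if policy == "none":
        return "monitor-only"  # record published, but nothing is blocked
    if policy in ("quarantine", "reject"):
        return policy
    return "invalid"  # the p tag is mandatory in a DMARC record

def assess_spf(txt_records):
    """'missing', 'multiple' (permerror), 'hard' (-all), 'soft' (~all/?all) or 'open'."""
    spf = [t.strip() for t in txt_records if t.strip().lower().startswith("v=spf1")]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "multiple"  # two SPF records make receivers fail the evaluation
    last = spf[0].split()[-1].lower()
    if last == "-all":
        return "hard"
    if last in ("~all", "?all"):
        return "soft"
    return "open"  # "+all" or no "all" mechanism at all: any sender passes

def spoofing_exposure(spf_txt, dmarc_txt):
    """Only an enforcing DMARC policy rejects a forged From header; SPF alone is
    checked against the envelope sender, not the From the user sees."""
    dmarc = assess_dmarc(dmarc_txt)
    enforced = dmarc in ("quarantine", "reject")
    return {"spf": assess_spf(spf_txt), "dmarc": dmarc, "from_spoofable": not enforced}
```

A domain with no records, or with DMARC at p=none, is reported as from_spoofable, which matches the reports' point that a DMARC record alone is not enough until the policy is quarantine or reject.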