[tor-bugs] #26706 [Webpages/Website]: The Tor Website SMTP Open Relay - eugeni.torproject.org
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 9 14:58:29 UTC 2018
#26706: The Tor Website SMTP Open Relay - eugeni.torproject.org
----------------------------------+--------------------
Reporter: t4rkd3vilz | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Webpages/Website | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
----------------------------------+--------------------
i’ve found an SMTP open relay vulnerability in 94.130.28.202
the vulnerability allows allatckers to send internal emails remotly
without any authintication.
And i’ve provided a screenshot as a POC for this exploitation methodolgy
eugeni.torproject.org
vuln name : SMTP open relaay
root at kali:~# telnet 94.130.28.202 25
Trying 94.130.28.202...
Connected to 94.130.28.202.
Escape character is '^]'.
220 eugeni.torproject.org ESMTP Postfix (Debian/GNU)
EHLO test
250-eugeni.torproject.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26706>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list