#26706 closed defect (worksforme)
The Tor Website SMTP Open Relay - eugeni.torproject.org
Reported by: | t4rkd3vilz | Owned by: | |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | Webpages/Website | Version: | |
Severity: | Normal | Keywords: | |
Cc: | Actual Points: | ||
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
i’ve found an SMTP open relay vulnerability in 94.130.28.202
the vulnerability allows allatckers to send internal emails remotly without any authintication.
And i’ve provided a screenshot as a POC for this exploitation methodolgy
eugeni.torproject.org
vuln name : SMTP open relaay
root@kali:~# telnet 94.130.28.202 25
Trying 94.130.28.202...
Connected to 94.130.28.202.
Escape character is ']'.
220 eugeni.torproject.org ESMTP Postfix (Debian/GNU)
EHLO test
250-eugeni.torproject.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Child Tickets
Note: See
TracTickets for help on using
tickets.