Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#26706 closed defect (worksforme)

The Tor Website SMTP Open Relay - eugeni.torproject.org

Reported by: t4rkd3vilz Owned by:
Priority: Medium Milestone:
Component: Webpages/Website Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

i’ve found an SMTP open relay vulnerability in 94.130.28.202
the vulnerability allows allatckers to send internal emails remotly without any authintication.

And i’ve provided a screenshot as a POC for this exploitation methodolgy

eugeni.torproject.org

vuln name : SMTP open relaay

root@kali:~# telnet 94.130.28.202 25
Trying 94.130.28.202...
Connected to 94.130.28.202.
Escape character is ']'.
220 eugeni.torproject.org ESMTP Postfix (Debian/GNU)
EHLO test
250-eugeni.torproject.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Child Tickets

Change History (1)

comment:1 Changed 2 years ago by irl

Resolution: worksforme
Status: newclosed 
Connected to eugeni.torproject.org.
Escape character is '^]'.
EHLO s220 eugeni.torproject.org ESMTP Postfix (Debian/GNU)
hiftout.plus.com
250-eugeni.torproject.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:<irl@torproject.org>
250 2.1.0 Ok
RCPT TO:<irl@fsfe.org>
454 4.7.1 <irl@fsfe.org>: Relay access denied

220 eugeni.torproject.org ESMTP Postfix (Debian/GNU) [2721 ms]
EHLO EC2AMAZ-14J9QQI.mxtoolbox.com
250-eugeni.torproject.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [719 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 2.1.0 Ok [719 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
454 4.7.1 <test@mxtoolboxsmtpdiag.com>: Relay access denied [706 ms]
Note: See TracTickets for help on using tickets.