Context Navigation

← Previous Ticket
Next Ticket →

#26706 closed defect (worksforme)

The Tor Website SMTP Open Relay - eugeni.torproject.org

Reported by:	t4rkd3vilz	Owned by:
Priority:	Medium	Milestone:
Component:	Webpages/Website	Version:
Severity:	Normal	Keywords:
Cc:		Actual Points:
Parent ID:		Points:
Reviewer:		Sponsor:

Description

i’ve found an SMTP open relay vulnerability in 94.130.28.202
the vulnerability allows allatckers to send internal emails remotly without any authintication.

And i’ve provided a screenshot as a POC for this exploitation methodolgy

eugeni.torproject.org

vuln name : SMTP open relaay

root@kali:~# telnet 94.130.28.202 25
Trying 94.130.28.202...
Connected to 94.130.28.202.
Escape character is '^{]'.

220 eugeni.torproject.org ESMTP Postfix (Debian/GNU)

EHLO test

250-eugeni.torproject.org

250-PIPELINING

250-SIZE 10240000

250-ETRN

250-STARTTLS

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN}

Child Tickets

Change History (1)

comment:1 Changed 5 months ago by irl

Resolution:	→ worksforme
Status:	new → closed

Connected to eugeni.torproject.org.
Escape character is '^]'.
EHLO s220 eugeni.torproject.org ESMTP Postfix (Debian/GNU)
hiftout.plus.com
250-eugeni.torproject.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:<irl@torproject.org>
250 2.1.0 Ok
RCPT TO:<irl@fsfe.org>
454 4.7.1 <irl@fsfe.org>: Relay access denied

220 eugeni.torproject.org ESMTP Postfix (Debian/GNU) [2721 ms]
EHLO EC2AMAZ-14J9QQI.mxtoolbox.com
250-eugeni.torproject.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [719 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 2.1.0 Ok [719 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
454 4.7.1 <test@mxtoolboxsmtpdiag.com>: Relay access denied [706 ms]

Note: See TracTickets for help on using tickets.

Download in other formats: