hackerone, Crazy_criminal_bj-4545, H1:981456
Sep 14, 2020 - 5:02 a.m.

Solana BBP: email spoofing

2020-09-14 05:02:09
crazy_criminal_bj-4545
hackerone.com
113

email spoofing

Impact
Step 1: Visit https://www.kitterman.com/spf/getspf3.py
Step 2: In domain name, type: https://github.com/solana-labs/solana-program-library
Step 3: Check the SPF record;
it will show "No valid SPF record found".
Step 4: Visit https://emkei.cz/
Step 5: Type name as support@solana-labs-program-library
and type from mail as stage.github.com/solana-labs/[email protected]
Step 6: Check your inbox; there will be a spam in the mailbox.

Impact

Email spoofing, Improper Authentication - Generic
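
An added example, not part of the original report: a defender's check that reduces the input to the DNS name an SPF lookup actually queries and classifies that domain's SPF posture from its published TXT strings, following RFC 7208. The function names and the sample records in the comments are constructed for illustration; fetching the TXT records is left to whatever resolver you use.

```python
# Added example: classify SPF posture from TXT strings (RFC 7208).
# Function names are hypothetical; no DNS queries are made here.
from urllib.parse import urlsplit

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_lookup_name(value):
    """Reduce user input to the DNS name an SPF check queries.

    SPF is a TXT record on a domain name, so a URL's scheme and path
    are not part of the lookup.
    """
    value = value.strip()
    host = urlsplit(value if "//" in value else "//" + value).hostname
    return (host or "").rstrip(".").lower()


def classify_spf(txt_records):
    """Return (status, detail) for the TXT strings published on one name.

    Constructed sample input: ["v=spf1 include:_spf.example.net -all"]
    """
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return ("none", "no SPF record published")
    if len(spf) > 1:
        return ("permerror", "multiple v=spf1 records (RFC 7208 section 4.5)")
    terms = spf[0].split()[1:]
    for term in terms:
        qualifier, mech = "+", term          # qualifier defaults to "+"
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        if mech.lower() == "all":
            result = QUALIFIERS[qualifier]
            status = "enforcing" if result == "fail" else "weak"
            return (status, "all mechanism evaluates to " + result)
    for term in terms:                       # redirect only applies without "all"
        if term.lower().startswith("redirect="):
            return ("delegated", "policy taken from " + term.split("=", 1)[1])
    return ("weak", "no all mechanism, unmatched senders get neutral")
```

A "none" or "weak" result only describes the SPF policy; whether receivers reject spoofed mail also depends on the domain's DMARC policy.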