Hi Team,
We have found your website vulnerable to this vulnerability.
Vulnerability Type: Mail Server Misconfiguration Leads To Hijack Your Mail Server Due To BAD DMARC Implementation/Cross-Site Scripting Attacks/ Malicious Payloads Injection/Victim PC Hijack
Severity: Critical
Description:
DMARC Quarantine/Reject policy is not enabled on novu.co so due to this attackers will be able to send an email using your domain novu.co to your users.
Due to this vulnerability, Attackers will be able to use any email of your application and send email to any one of your users,
Proof of concept is attached.
Impact:
Attackers will be able to send an email using your email
support@novu.co
and other official emails of your company/staff members which will result in your business and reputation loss by sending unwanted emails to your users/clients as a result of exploiting this vulnerability.
Attackers will be able to take over any user account by sending your user's malicious links using your company/official emails which will result in a complete account takeover of any user as they will follow any instructions given by your official company emails. And more they will be able to do anything with your users by communicating with them by using your company/emails.
Attackers will be able to execute malicious scripts on the victim's PC by sending them malicious URLs and payloads directly via email as the clients will see that these are from authenticated sources of your company email which will result in malicious payloads/URLs being injected into your users PC.
Attackers will also be able to attach malicious files using your email and once the files get downloaded to the victim PC resulting in a victim PC hijack.
- Cross-Site Scripting Attacks
- Account Takeover
- Transactions Performed
- Money Scam
- Actions Performed by Attackers
- Malicious Code Execution
- Victim PC Hijack
- Malicious Files Get Downloaded To The Victim PC
Attack Scenario:
An assailant would send an email saying "with any unwanted information" (or any malicious files attached with the email and instruct them to download it) using your company emails like
support@novu.co
and any email which is found to be linked with your domain. Clicking on the connection takes him to a site where certain JavaScript is executed which takes his novu.co information. The outcomes will be more perilous. POC is likewise joined. You can likewise observe that I can utilize your space name email and will be able to send the mail to any of the clients of novu.co
This is just an example of what attackers will be able to do using your company emails. This issue has a larger impact as attackers will be able to spoof your users by sending unwanted emails and users will do the actions accordingly provided by the attackers. Attackers will be able to spam your whole application and your users. They will be able to take whatever they want from your novu.co users. Their credentials, their credit cards, and much more.
Attackers will also be able to perform transactions with your clients/users by communicating with them using your official company emails as we have shown in the proof of concept.
Mitigation:
You should review the policies to be applied for the DMARC mail server configuration. As I see your DMARC is misconfigured. Just Add DMARC Quarantine/Reject policy in your DMARC configuration and so attackers will not be able to exploit this vulnerability on your application.
Thank you
Sincerely,
John Lee
john7866 Reporter
Hi Team,
We have found your website vulnerable to this vulnerability.
Vulnerability Type: Mail Server Misconfiguration Leads To Hijack Your Mail Server Due To BAD DMARC Implementation/Cross-Site Scripting Attacks/ Malicious Payloads Injection/Victim PC Hijack
Severity: Critical
Description:
DMARC Quarantine/Reject policy is not enabled on novu.co so due to this attackers will be able to send an email using your domain novu.co to your users.
Due to this vulnerability, Attackers will be able to use any email of your application and send email to any one of your users,
Proof of concept is attached.
Impact:
Attackers will be able to send an email using your email
support@novu.co
and other official emails of your company/staff members which will result in your business and reputation loss by sending unwanted emails to your users/clients as a result of exploiting this vulnerability.
Attackers will be able to take over any user account by sending your user's malicious links using your company/official emails which will result in a complete account takeover of any user as they will follow any instructions given by your official company emails. And more they will be able to do anything with your users by communicating with them by using your company/emails.
Attackers will be able to execute malicious scripts on the victim's PC by sending them malicious URLs and payloads directly via email as the clients will see that these are from authenticated sources of your company email which will result in malicious payloads/URLs being injected into your users PC.
Attackers will also be able to attach malicious files using your email and once the files get downloaded to the victim PC resulting in a victim PC hijack.
Attack Scenario:
An assailant would send an email saying "with any unwanted information" (or any malicious files attached with the email and instruct them to download it) using your company emails like
support@novu.co
and any email which is found to be linked with your domain. Clicking on the connection takes him to a site where certain JavaScript is executed which takes his novu.co information. The outcomes will be more perilous. POC is likewise joined. You can likewise observe that I can utilize your space name email and will be able to send the mail to any of the clients of novu.co
This is just an example of what attackers will be able to do using your company emails. This issue has a larger impact as attackers will be able to spoof your users by sending unwanted emails and users will do the actions accordingly provided by the attackers. Attackers will be able to spam your whole application and your users. They will be able to take whatever they want from your novu.co users. Their credentials, their credit cards, and much more.
Attackers will also be able to perform transactions with your clients/users by communicating with them using your official company emails as we have shown in the proof of concept.
Mitigation:
You should review the policies to be applied for the DMARC mail server configuration. As I see your DMARC is misconfigured. Just Add DMARC Quarantine/Reject policy in your DMARC configuration and so attackers will not be able to exploit this vulnerability on your application.
Thank you
Sincerely,
John Lee