### Example Subject Line for Security Report Source: https://github.com/haltman-io/mail-forwarding/blob/main/SECURITY.md Use a clear and concise subject line that immediately indicates the nature of the security issue found. ```text Subject: Email Confirmation Bypass via Custom Email Flow ``` -------------------------------- ### Example Security Report Structure Source: https://github.com/haltman-io/mail-forwarding/blob/main/SECURITY.md A comprehensive security report should include a title, affected component, summary, steps to reproduce, expected and actual behavior, impact, and proof of concept. ```text Subject: Email Confirmation Bypass via Custom Email Flow Affected component: Email confirmation flow Summary: The confirmation flow can be bypassed by changing a destination-related parameter during token validation. Steps to reproduce: 1. Request alias creation with a valid destination email 2. Intercept the confirmation request 3. Modify the destination-related parameter 4. Replay the request Expected behavior: The token should only validate for the original destination email. Actual behavior: The token is accepted after the destination parameter is changed. Impact: An attacker can confirm an alias flow for an email address that was never originally verified. Proof of concept: curl 'https://target.tld/api/confirm?token=123456&to=attacker@example.com' ``` -------------------------------- ### Example of an Effective Security Question Source: https://github.com/haltman-io/mail-forwarding/blob/main/SECURITY.md When asking security-related questions, clearly state your role, intent, and specific concerns. This allows for a faster and more relevant response. ```text Hello, I'm an offensive security analyst and I want to self-host your software at my business environment for productivy on security assessments. Do you have any scope limitations? Rate limiting, prohibited tests, staging hosts are fine if the system goes down. Assessment will begin next Monday at the same time as this email. ``` -------------------------------- ### Example of an Ineffective Security Question Source: https://github.com/haltman-io/mail-forwarding/blob/main/SECURITY.md Avoid sending vague or overly casual messages when inquiring about security policies or testing. Be direct and professional. ```text hello can I talk to you? ``` -------------------------------- ### Perl Mail Forwarder Script Source: https://github.com/haltman-io/mail-forwarding/blob/main/www.thc.org/README.md This script dynamically creates email forwarders by writing to a postfix/dovecot database. It validates input email addresses and domains before insertion. Ensure database credentials and domain lists are correctly configured. ```perl #!/usr/bin/perl # # Version 0.02 early alpha ;) # writes dynamic email forwarders into an postfix/dovecot database # author: LouCipher # use strict; use warnings; use CGI; use DBI; use utf8; use Mail::CheckUser qw(check_email last_check); use Email::Address; binmode STDOUT, ':encoding(UTF-8)'; my $sqlhost= ''; my $sqluser= ''; my $sqlpass= ''; my $sqldb= ''; my $q = new CGI; my $alias = "foo"; my $address = Email::Address->new(undef, $q->param('to')); my $origin = $address->format; my $originhost = $address->host; my $domain = ''; my $fullalias = $alias . $domain; my $reason = ''; my @mydomains = (''); $Mail::CheckUser::Treat_Timeout_As_Fail = 1; $Mail::CheckUser::Treat_Full_As_Fail = 1; $Mail::CheckUser::Sender_Addr = $origin; unless ( $alias =~ /^[a-zA-Z0-9\-\._]+$/ and $origin !~ /['"\t]/ ) { print $q->header( -status => '400 Bad Request' ); print $q->start_html("Free Mail Forwarding Service"); print $q->p("911 ERROR!"); print $q->p("Hocus Pocus, doublecheck $alias or $origin"); print $q->p("Join us on https://t.me/thcorg"); print $q->end_html; exit; } if ( grep( /^$originhost$/, @mydomains ) ) { print $q->header( -status => '400 Bad Request' ); print $q->start_html("Free Mail Forwarding Service"); print $q->p("911 ERROR!"); print $q->p("Ur a proper lout! $originhost loops back to myself"); print $q->p("Join us on https://t.me/thcorg"); print $q->end_html; exit; } if(check_email($origin)) { my $error = 'false' # will use this in a later relase } else { $reason = last_check()->{reason}; print $q->header( -status => '400 Bad Request' ); print $q->start_html("Free Mail Forwarding Service"); print $q->p("911 ERROR!"); print $q->p("Bibbidi Bobbidi Boo, Bitch! E-mail address <$origin> isn't valid: $reason"); print $q->p("Join us on https://t.me/thcorg"); print $q->end_html; exit; } my $dbh = DBI->connect("DBI:mysql:database=$sqldb;host=$sqlhost", "$sqluser", "$sqlpass", {'RaiseError' => 1, 'mysql_enable_utf8' => 1}); my $db_update = $dbh->prepare('INSERT into alias (id, address, goto, active, created, modified, Domain_id) VALUES (NULL, ?, ? ,1,CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1);'); eval { $db_update->execute($fullalias, $origin); }; if ($@) { warn 'SQL Error: ' . $@; print $q->header( -status => '500 Internal Server Error' ); print $q->start_html("Free Mail Forwarding Service"); print $q->p("911 ERROR!"); print $q->p("Mess With the Best, Die Like the Rest, there's something fishy going on!"); print $q->p("Join us on https://t.me/thcorg"); print $q->end_html; $dbh->disconnect; exit; } $dbh->disconnect; print $q->header( -status => '200 OK' ); print $q->start_html("Free Mail Forwarding Service"); print $q->p("By the power of Grayskull!"); print $q->p("$fullalias forwards now to $origin and can be used!"); print $q->p("Join us on https://t.me/thcorg"); print $q->end_html; ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.