Postfix SMTP Smuggling CVE-2023-51764 Exploit


Bash, by Prapattimynk



Postfix SMTP Smuggling – Expect Script POC

Sends an email that is legitimate, but inside that email there are many other emails (different senders, recipients, subjects, etc.). The initial email is checked for SPF/DKIM/DMARC; the others inside it are not.

usage: ./cve-2023-51764.sh mx.fqdn port
./cve-2023-51764.sh mail.mydomain.com 25

Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required: the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.


