Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Trac@tracbot

The Tor Website SMTP Open Relay - eugeni.torproject.org

i’ve found an SMTP open relay vulnerability in 94.130.28.202 the vulnerability allows allatckers to send internal emails remotly without any authintication.

And i’ve provided a screenshot as a POC for this exploitation methodolgy

eugeni.torproject.org

vuln name : SMTP open relaay

root@kali:~# telnet 94.130.28.202 25 Trying 94.130.28.202... Connected to 94.130.28.202. Escape character is '^]'. 220 eugeni.torproject.org ESMTP Postfix (Debian/GNU) EHLO test 250-eugeni.torproject.org 250-PIPELINING 250-SIZE 10240000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN

Trac:
Username: t4rkd3vilz

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information