Re: Mailsploit problem in responce of ENVELOPE

Sun, 10 Dec 2017 19:14:24 -0800 

Hi,

Additionally, I just tried bellow:

 From: serv...@paypal.com<iframe onload=alert(document.cookie) 
src=https://www.hushmail.com style="display:none"\n\0...@mailsploit.com
 Reply-To: serv...@paypal.com<iframe onload=alert(document.cookie) 
src=https://www.hushmail.com style="display:none"\n\0...@mailsploit.com


Thanks


----- Original Message -----
> Hi,
> 
> Sorry, It comes by fetching ENVELOPE, not BODYSTRUCTURE.
> For example:
> 
> A01 UID FETCH 24 (ENVELOPE)
> * 4 FETCH (UID 24 ENVELOPE ("Fri, 08 Dec 2017 09:44:35 +0900" "test2" ((NIL 
> NIL "service" "paypal.com")) (("dev1" NIL "dev1-bounces" "example.com")) 
> ((NIL NIL "service" "paypal.com")) (("user1" NIL "user1" "example.com")) 
> (("dev1" NIL "dev1" "example.com")) NIL 
> "<20171206084846.0000478c.0...@example.com>" 
> "<20171208004435.00006b4f.0...@example.com>"))
> A01 OK Fetch completed (0.000 secs).
> 
> > The metasploit generated emails contain a fake Reply-To header.  Are you
> > sure that the above isn't the Reply-To header?
> 
> I did test also Reply-To header, then had same response as above.
> 
> 
> ----- Original Message -----
> > On Fri, Dec 08, 2017 at 18:47:37 +0900, TACHIBANA Masashi wrote:
> > > Hi,
> > > 
> > > I tried to see a mail that have a strange From header in bellow URL:
> > > 
> > > https://www.mailsploit.com/index
> > > 
> > > Then, I got BODYSTRUCTURE response contain next:
> > > 
> > > ((NIL NIL "service" "paypal.com"))
> > > 
> > > Are this problem already founded by anyone?
> > > So already fixed?
> > 
> > The metasploit generated emails contain a fake Reply-To header.  Are you
> > sure that the above isn't the Reply-To header?
> > 
> > The "FETCH 123 ENVELOPE" command will return both (and FETCH ALL includes
> > ENVELOPE).  From the IMAP RFC:
> > 
> >     The fields of the envelope structure are in the following order:
> >     date, subject, from, sender, reply-to, to, cc, bcc, in-reply-to, and
> >     message-id.
> > 
> > Can you paste the whole IMAP command response?
> > 
> > Thanks,
> > 
> > Jeff.
> > 
> 
> --
> TACHIBANA Masashi  QUALITIA CO., LTD.
> mailto:tachib...@qualitia.co.jp
> 
> 
> 
--
TACHIBANA Masashi  QUALITIA CO., LTD.
mailto:tachib...@qualitia.co.jp

株式会社クオリティア
http://www.qualitia.co.jp/

Reply via email to