Reputation: 95
I've looked deep into a donation reward system integrated into a game, and found out that they validate their PayPal donations through the confirmation email that PayPal sends back to their address. I've got some similar game files, decompiled the (Java) sources and found this:
```java
// Decompiled validator as posted (the sender address is obscured on the page).
// Only the suffix of the From header is compared; nothing authenticates the mail.
if (((msgCont instanceof String)) && (from.endsWith("<[email protected]>")))
{
    String str = msgCont.toString();
    String[] strs = str.split("\n");
    // The third line of the body is expected to be the confirmation sentence.
    if (strs[2].startsWith("This email confirms that you have received a donation of€")) {
        // Arguments: source, donor (text between the parentheses), confirmation
        // number (17 characters after the label), amount (fixed offset up to " EUR").
        Main.handleDonation("Paypal",
            strs[2].split("\\)")[0].split("\\(")[1],
            str.split("Confirmation number: ")[1].substring(0, 17),
            (int)Double.parseDouble(strs[2].substring(57, strs[2].indexOf(" EUR"))));
    } else {
        System.out.println("[FATAL] Corrupted donation from:\n->" + from + " (Please check this eMail)");
    }
}
```
As you can see, they check whether the FROM tag ends with `<[email protected]>`.
So the trick to exploit their system would be to send an email with a FROM tag that ends with [email protected]. I've tried a few PHP-based spoofers, but no luck yet.
Any idea if that's possible? I'm asking mostly to know whether this kind of validation is secure.
Upvotes: 0
Views: 92
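The check in the question can be exercised offline. The following is an added example, not code from the post or from the game: it reimplements the From-suffix comparison in Python (the game's own code is Java, but the point is the check, not the client) next to a stricter variant that additionally requires the receiving MTA to have recorded `dkim=pass` for the sender's domain in an Authentication-Results header (RFC 8601). The expected address, the DKIM domain, the MTA's authserv-id and all three messages are constructed placeholders, since the real address is obscured on the page.

```python
"""Added example (not from the original post): a From-header suffix check
like the decompiled validator, beside a check that also requires our own
inbound MTA to have recorded dkim=pass for the sender's domain.
Addresses, hostnames and messages are constructed placeholders."""
import re
from email import message_from_string

# Stand-in for the address the validator compares against; the real
# address is obscured on the page, so this value is an assumption.
EXPECTED_FROM_SUFFIX = "<service@paypal.example>"
# Hypothetical signing domain we expect DKIM to authenticate.
EXPECTED_DKIM_DOMAIN = "paypal.example"
# Hypothetical authserv-id of our own inbound MTA. Only Authentication-
# Results headers bearing this id are trusted (RFC 8601); the MTA must
# strip any pre-existing header that claims its id before delivery.
OUR_AUTHSERV_ID = "mx.game.example"


def weak_check(raw_message: str) -> bool:
    """Mirror of the decompiled logic: accept if From ends with the suffix.
    The From header is written by whoever submits the message, so this
    says nothing about where the mail actually came from."""
    msg = message_from_string(raw_message)
    return msg.get("From", "").endswith(EXPECTED_FROM_SUFFIX)


def authenticated_check(raw_message: str) -> bool:
    """Same From check, plus dkim=pass for EXPECTED_DKIM_DOMAIN recorded by
    OUR_AUTHSERV_ID. A-R headers with any other authserv-id are ignored,
    because a sender can put arbitrary headers into their own message."""
    msg = message_from_string(raw_message)
    if not msg.get("From", "").endswith(EXPECTED_FROM_SUFFIX):
        return False
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = header.partition(";")
        if authserv_id.strip().lower() != OUR_AUTHSERV_ID:
            continue
        m = re.search(r"\bdkim=pass\b[^;]*\bheader\.d=([\w.-]+)", results)
        if m and m.group(1).lower() == EXPECTED_DKIM_DOMAIN:
            return True
    return False


# Constructed sample messages (not real PayPal mail).
# 1. Sender sets From to the expected address; our MTA saw no DKIM
#    signature and an SPF failure for the envelope sender.
SPOOFED = """\
From: "PayPal" <service@paypal.example>
Authentication-Results: mx.game.example; spf=fail smtp.mailfrom=attacker.example; dkim=none
Subject: Notification of donation received

Hello,
This email confirms that you have received a donation of 500.00 EUR from Mallory (mallory@attacker.example).
"""

# 2. Same message, but with a forged Authentication-Results header added
#    by the sender. Its authserv-id is not ours, so it is ignored.
SPOOFED_WITH_FORGED_AR = """\
Authentication-Results: mx.attacker.example; dkim=pass header.d=paypal.example
""" + SPOOFED

# 3. Message that our MTA actually verified as DKIM-signed by the domain.
GENUINE = """\
From: "PayPal" <service@paypal.example>
Authentication-Results: mx.game.example; spf=pass smtp.mailfrom=paypal.example; dkim=pass header.d=paypal.example header.s=sel1
Subject: Notification of donation received

Hello,
This email confirms that you have received a donation of 5.00 EUR from Alice (alice@example.org).
"""


if __name__ == "__main__":
    samples = (("spoofed", SPOOFED),
               ("spoofed+forged A-R", SPOOFED_WITH_FORGED_AR),
               ("genuine", GENUINE))
    for name, raw in samples:
        print(f"{name:20s} weak={weak_check(raw)!s:5s} "
              f"authenticated={authenticated_check(raw)}")
```

The weak check accepts all three messages, because it only reads a header the sender controls. The stricter check rejects the two spoofed ones, but it is only as trustworthy as the MTA that wrote the Authentication-Results line, and even a DKIM-verified notification proves that a mail was sent, not that a payment matching the parsed amount exists; a payment processor's own server-side verification of the transaction is the check to rely on for crediting anything.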