Security Disclosure eMail

Schalla · August 26, 2014, 2:37am

Hello Oxid community,

I tried today to send a message to [email protected], but sadly it seems
the mail server is not configured proper.

Received-SPF: None (OX-EX.oxid-esales.local: [email protected] does not
designate permitted sender hosts)

([email protected] was replaced by the correct email).

Is the eMail address incorrect or is it simply a failure in the configuration?

I would like to disclose information for a (most likely) yet unknown exploit
for the current oxid community edition.

Best Regards,
Schalla

Hebsacker · August 26, 2014, 7:18am

dropped a note to Marco, so he can check

Schalla · August 26, 2014, 8:53am

Thanks! The bug I found is rather non-critical, but might be an issue if somebody found a critical bug and the eMail is invalid.

marco.steinhaeuser · August 26, 2014, 9:03am

Hi Schalla,

thanks. Your email was received at 2:22 this morning; we’ll work on it ASAP.

Cheers

Schalla · August 26, 2014, 9:05am

Hi Marco,

sadly I provided - since I was a little bit tired at 2am - a invalid PoC with a invalid exploit, since I sent out the wrong draft. Shall I just resend the new email with the correct stuff?

marco.steinhaeuser · August 26, 2014, 9:06am

Sure, go ahead

sahartech · December 12, 2015, 2:27am

Thanks! The bug I found is rather non-critical, but might be an issue if somebody found a critical bug and the eMail is invalid.