Injection Vulnerability in login.mailchimp.com

injection vulnerability in mailchimp by Nishant Nichani

Type : Injection
Tested on : Firefox
OS : Windows 7

Description of Vulnerability :
Injection is the exploitation of a computer bug that is caused by processing invalid data. It can be used by an attacker to inject code into a computer program to change the course of execution.

Impact of Vulnerability :
Injection can result in data loss, lack of accountability, or denial of access. It can sometimes lead to complete host takeover. It can also be used to gain information, escalate privileges or obtain unauthorized access to a system.

PoC :
https://login.mailchimp.com/signup/success/?e=mark zuckerberg

Timeline
* Found : 12 April 2015
* Reported : 17 April 2015
* Fixed : April 2015

Well, I reported this vulnerability to Mailchimp 5 days after actually finding it, which was my mistake. They already knew about the vulnerability.

Reward : Nothing :p