Injection Vulnerability in login.mailchimp.com

Injection Vulnerability in login.mailchimp.com

Nishant May 18, 2015
Nishant

Injection Vulnerability in login.mailchimp.com

Injection Vulnerability in login.mailchimp.com

Type : Injection
Tested on : Firefox
OS : Windows 7

Description of Vulnerability :
Injection is the exploitation of a computer bug that is caused by processing invalid data. It can be used by an attacker to inject code into a computer program to change the course of execution.

Impact of Vulnerability :
Injection can result in data loss, lack of accountability, or denial of access. It can sometimes lead to complete host takeover. It can also be used to gain information, privilege escalation or unauthorised access to a system.

PoC :
https://login.mailchimp.com/signup/success/?e=mark zuckerberg

Injection Vulnerability in login.mailchimp.com by Nishant Nichani


Timeline
*. Found : 12 April 2015
*. Reported : 17 April 2015
*. Fixed : April 2015

Well I reported this vulnerability to mailchimp after 5 days of actually finding it which was my mistake. They already knew about the vulnerability.

Reward : Nothing :p

About

I am an engineer who admires technology and related stuff. Apart from tech, I play badminton, love swimming, am foodie and a big Harley Davidson fan.

Next
« Prev Post
Previous
Next Post »
Subscribe to: Post Comments (Atom)

Subscribe to our mailing list

* indicates required
Select your Interested Topics.