Injection Vulnerability in login.mailchimp.com
Type : Injection
Tested on : Firefox
OS : Windows 7
Description of Vulnerability :
Injection is the exploitation of a computer bug that is caused by processing invalid data. It can be used by an attacker to inject code into a computer program to change the course of execution.
Impact of Vulnerability :
Injection can result in data loss, lack of accountability, or denial of access. It can sometimes lead to complete host takeover. It can also be used to gain information, privilege escalation or unauthorised access to a system.
PoC :
https://login.mailchimp.com/signup/success/?e=mark zuckerberg
Timeline
*. Found : 12 April 2015
*. Reported : 17 April 2015
*. Fixed : April 2015
Well I reported this vulnerability to mailchimp after 5 days of actually finding it which was my mistake. They already knew about the vulnerability.
Reward : Nothing :p
I am an engineer who admires technology and related stuff. Apart from tech, I play badminton, love swimming, am foodie and a big Harley Davidson fan.
ConversionConversion EmoticonEmoticon