HYPERLINK INJECTION/EMAIL INJECTION
Nginx is such a trusted website. It is famous for the security nginx is providing the customers. But there is a bug in the signup form where an attacker can inject malicious links (HTML) and affect any user whom they target through their email ID. This results in a bad reputation for the company.
Email injection is a security vulnerability that can occur in Internet applications that are used to send email messages. It is the email equivalent of HTTP Header Injection.
Steps to reproduce:
1. Go to the URL: https://www.nginx.com
2. Now click on "free trial".
3. Fill in the sign-up form, giving a first name that contains a malicious link or HTML code, for example:
--> go to this link https://example.com
--> <a href="bf.am">click here for pass</a>
4. Now give the victim's email ID and submit the form.
5. The victim will get mails from NGINX with the malicious link injected.
Kindly find the attached images for better understanding.
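
A server-side mitigation for the first-name field described in the steps above, added here as an example (it is not NGINX's code and not part of the original report). The length limit, allowed character set and function names are assumptions. Validation rejects URL-like and tag-like names because mail clients auto-link bare URLs even in escaped text; output escaping is kept as a second layer.

```python
import html
import re
import unicodedata

# Assumed policy: names are short and consist of letters, combining marks,
# spaces and a few punctuation characters; nothing URL- or tag-like.
MAX_NAME_LEN = 64
ALLOWED_PUNCT = set(" '-.")
# Scheme prefixes, "www.", "://" and bare domains such as "bf.am".
URL_LIKE = re.compile(r"(?i)(https?:|www\.|://|\b[a-z0-9-]+\.[a-z]{2,}\b)")


def validate_name(value: str) -> str:
    """Return the normalized name, or raise ValueError if it could carry a link or markup."""
    # NFKC folds look-alike forms (e.g. full-width letters) before checking.
    name = unicodedata.normalize("NFKC", value).strip()
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError("name length out of range")
    if URL_LIKE.search(name):
        raise ValueError("name looks like a URL or domain")
    for ch in name:
        if ch in ALLOWED_PUNCT:
            continue
        # Only letters (L*) and marks (M*); this rejects <, >, ", /, :, digits,
        # and CR/LF, which also closes the header-injection path.
        if unicodedata.category(ch)[0] not in ("L", "M"):
            raise ValueError(f"character not allowed in name: {ch!r}")
    return name


def is_acceptable(value: str) -> bool:
    """Convenience wrapper: True when validate_name() accepts the value."""
    try:
        validate_name(value)
        return True
    except ValueError:
        return False


def render_welcome_html(first_name: str) -> str:
    """Escape on output too, so markup never reaches the mail body as HTML."""
    safe = html.escape(first_name, quote=True)
    return f"<p>Hi {safe}, thanks for starting your free trial.</p>"


if __name__ == "__main__":
    # Constructed samples, including the two inputs quoted in the report.
    for sample in ["Anne-Marie", "go to this link https://example.com",
                   '<a href="bf.am">click here for pass</a>']:
        print(repr(sample), "->", is_acceptable(sample))
```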