Opened 7 years ago
Closed 7 years ago
#1331 closed defect (invalid)
HYPERLINK INJECTION/EMAIL INJECTION
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | other | Version: | 1.10.x |
| Keywords: | BUG | Cc: | |
| uname -a: | orthonviper@gmail.com | | |
| nginx -V: | 1.10.3 | | |
Description
Hello team,
Nginx is such a trusted website. It is famous for the security nginx is providing the customers. But there is a bug in the signup form where an attacker can inject malicious links (HTML) and affect any user whom they targeted through email ID. This results in a bad reputation for the company.
BUG DESCRIPTION:
Email injection is a security vulnerability that can occur in Internet applications that are used to send email messages. It is the email equivalent of HTTP Header Injection.
Steps to reproduce:
1. Go to URL: https://www.nginx.com
2. Now click on free trial
3. Fill up the sign up form by giving first names with malicious link or HTML code,
example :
--> go to this link https://example.com
--> <a href="bf.am">click here for pass</a>
4. Now give the victim's email ID and submit the form
5. The victim will get mails from NGINX with malicious link injected
Kindly find the attached images for better understanding.
Attachments (2)
Change History (3)
by , 7 years ago
Attachment: Screenshot (2801).png added
by , 7 years ago
Attachment: Screenshot (2800).png added
comment:1 by , 7 years ago
| Resolution: | → invalid |
|---|---|
| sensitive: | 0 → 1 |
| Status: | new → closed |
Thank you for your report. It was passed to the person who is responsible for nginx.com website.
I'm closing this ticket with "invalid" resolution since this bug-tracker is intended only for tracking open-source nginx and related resources.
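The report's description concerns a signup "first name" value that is echoed into an outbound email. The following is an added example, not code from the ticket or from nginx.com, showing one way a form handler could reject such values and escape them at render time; the function names, the length limit and the URL heuristic are assumptions made for illustration.

```python
import html
import re
import unicodedata

# Hypothetical policy for a "first name" field that is later echoed into a
# transactional email. All names and limits here are assumptions.
MAX_NAME_LEN = 64
URL_LIKE = re.compile(r"(?i)(https?://|www\.|\b[a-z0-9-]+\.[a-z]{2,}\b)")
MARKUP = re.compile(r"[<>]")


def validate_first_name(raw):
    """Return (ok, reason); rejects values that would read as a link or markup."""
    name = unicodedata.normalize("NFKC", raw).strip()  # fold full-width lookalikes
    if not name or len(name) > MAX_NAME_LEN:
        return False, "length"
    if any(unicodedata.category(ch) == "Cc" for ch in name):
        return False, "control-char"  # CR/LF would allow mail header injection
    if MARKUP.search(name):
        return False, "markup"
    # Escaping alone is not enough: mail clients auto-link bare URLs in text.
    if URL_LIKE.search(name):
        return False, "url-like"
    return True, "ok"


def render_welcome_html(first_name):
    """Escape at output time too, so a validation gap cannot become markup."""
    return "<p>Hello {},</p>".format(html.escape(first_name, quote=True))


# Constructed sample inputs; the second and third are the values in the report.
SAMPLES = [
    "Alice",
    "go to this link https://example.com",
    '<a href="bf.am">click here for pass</a>',
    "Bob\r\nBcc: someone@example.org",
]


def check_samples():
    return [validate_first_name(s) for s in SAMPLES]


if __name__ == "__main__":
    for sample, (ok, reason) in zip(SAMPLES, check_samples()):
        print(repr(sample), "->", ok, reason)
    print(render_welcome_html(SAMPLES[2]))
```

The URL heuristic is deliberately strict and will also reject names containing a dotted token such as "St.John"; confirming ownership of the address before sending any personalised mail removes the need to echo unverified input at all.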