Thursday, 17 April 2014

MailChimp’s Login Page Online Website Unvalidated Redirects and Forwards Bug

"More than 9 million people and businesses around the world use MailChimp. Our features and integrations allow you to send marketing emails, automated messages, and targeted campaigns. And our detailed reports help you keep improving over time.

MailChimp has been around since 2001. We started as a side project funded by various web-development jobs. Now we send more than 600 million emails a day. We love seeing businesses start small, fund themselves with paying projects, and build up a strong API, so that's how we run MailChimp. We create products and features that empower our customers to grow."

The vulnerability exists at “” page with “referrer” parameter, e.g. [1]

When a user clicks the URL ([1]) before login, the MailChimp “login page” appears. The user needs to enter his/her username and password. When this is done, the user could be redirected to a webpage different from MailChimp.

Tests were performed on Microsoft IE (9 9.0.8112.16421) of Windows 8, Mozilla Firefox (37.0.2) & Google Chromium 42.0.2311 (64-bit) of Ubuntu (14.04.2),and Apple Safari 6.1.6 of Mac OS X v10.9 Mavericks.

(1) Use the following tests to illustrate the scenario painted above.
The redirected webpage address is “”. We can suppose that this webpage is malicious.

Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

1 comment:


    Call them cybersecurity vigilantes if you will, or “white hats” — as they are known in the hacking world.

    Mr Wang Jing and Mr Zhao Hainan are part of a growing group of individuals who are taking it upon themselves to test the security of information systems in organisations and report security flaws.