The MailChimp, Olark and Kaneva websites have security flaws. They can be exploited by Open Redirect (Unvalidated Redirects and Forwards) attacks. Here is the description of Open Redirect: "A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance." (From CWE)
(1) MailChimp’s Login Page Open Redirect Vulnerability
The vulnerability exists on the “http://login.mailchimp.com/?” page, in the “referrer” parameter, e.g. http://login.mailchimp.com/?referrer=http://google.com
When a user clicks the URL () before login, the MailChimp login page appears. The user needs to enter his/her username and password. When this is done, the user could be redirected to a webpage different from
(1.1) Use the following tests to illustrate the scenario painted above.
The redirected webpage address is “http://www.tetraph.com/essayjeans/poems/thatday.html”. We can suppose that this webpage is malicious.
The vulnerability exists on the “loginSecure.aspx” page, in the “logretURLNH” parameter, i.e. http://www.kaneva.com/loginSecure.aspx?logretURLNH=http%3a%2f%2fmsn.com
When victims who are not logged in click the URL () above, the Kaneva sign-in page is displayed. The victims need to enter their username and password, after which they are redirected to a webpage different from Kaneva.
Tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.
(3.1) Use the following tests to illustrate the scenario painted above.
The program code flaw can be exploited without user login. Tests were performed on Microsoft IE 9 (9.0.8112.16421) on Windows 7, Mozilla Firefox (37.0.2) and Google Chromium 42.0.2311 (64-bit) on Ubuntu (14.04.2), and Apple Safari 6.1.6 on Mac OS X v10.9 Mavericks. These bugs were found by using URFDS.
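The pattern behind these reports is a login handler that passes a query parameter (“referrer” on MailChimp, “logretURLNH” on Kaneva) straight into the post-login redirect. The following Python example is added here and is not code from the advisory or from any of the vendors: it shows that pattern beside a hardened version whose allow-list check also rejects the scheme-relative, backslash, control-character and userinfo variants that a naive check misses. The host names and landing path are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed placeholders: hosts the application may legitimately send users to,
# and the page to land on when the requested target is rejected.
ALLOWED_HOSTS = {"login.example.com", "www.example.com"}
DEFAULT_LANDING = "/dashboard"


def vulnerable_redirect(params: dict) -> str:
    """The flaw described above: the post-login target comes straight from the
    'referrer' query parameter, so any URL placed there is honoured."""
    return params.get("referrer", DEFAULT_LANDING)


def is_safe_redirect(target: str, allowed_hosts: set) -> bool:
    """Accept only a same-site absolute path or an http(s) URL on an allow-listed host."""
    if not target:
        return False
    # Browsers strip tab/newline anywhere in a URL and treat '\' like '/', so
    # "/\t/evil" or "/\evil" become "//evil" in the browser; reject them outright.
    if any(ord(c) < 0x20 or c == "\\" for c in target):
        return False
    parsed = urlparse(target)
    if parsed.scheme or parsed.netloc:
        # Absolute ("https://host/..") or scheme-relative ("//host/..") URL.
        # parsed.hostname drops userinfo, so "https://login.example.com@evil/" yields "evil".
        host = (parsed.hostname or "").lower()
        return parsed.scheme in ("http", "https") and host in allowed_hosts
    # No scheme and no host: accept a single-slash local path only. Browsers
    # resolve "///evil" as "//evil", so more than one leading slash is rejected.
    return target.startswith("/") and not target.startswith("//")


def hardened_redirect(params: dict) -> str:
    """Same entry point as vulnerable_redirect, but the target is validated
    and anything rejected falls back to the default landing page."""
    target = params.get("referrer", "")
    return target if is_safe_redirect(target, ALLOWED_HOSTS) else DEFAULT_LANDING
```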
Discoverer and Reporter:
Jing, Division of Mathematical Sciences (MAS), School of Physical and
Mathematical Sciences (SPMS), Nanyang Technological University (NTU),