The vulnerability exists on the “http://login.mailchimp.com/?” page, in the “referrer” parameter, e.g.
When a user clicks the URL () before logging in, the MailChimp “login page” appears. The user needs to enter his/her username and password. Once this is done, the user could be redirected to a webpage outside MailChimp.
My tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.
(1) I will use the following tests to illustrate the scenario described above.
The redirected webpage address is “http://www.tetraph.com/essayjeans/poems/thatday.html”. It’s one of my webpages. We can suppose that this webpage is malicious.
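The post-login redirect described above is an open redirect: the login page trusts a caller-supplied “referrer” value and sends the authenticated user wherever it points. The fix is to validate that value against the application's own origin before redirecting, and to fall back to a safe default otherwise. The following is an added example of such a check, not code from MailChimp or from the author of this report; the function names, the fallback path and the sample inputs are constructed, and “login.mailchimp.com” and the tetraph.com URL are taken from the text only as illustration.

```python
from urllib.parse import urlsplit

# Assumed application host; in a real deployment this comes from configuration.
ALLOWED_HOST = "login.mailchimp.com"


def is_safe_redirect(target: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Return True only if `target` stays on `allowed_host`.

    Accepts absolute http(s) URLs whose host is exactly `allowed_host` and
    absolute-path references such as "/dashboard".  Everything else is
    rejected, including the forms a naive prefix check tends to miss:
    protocol-relative "//host", backslashes (treated as "/" by some browsers),
    embedded newlines, non-http schemes and userinfo tricks ("host@other").
    """
    if not target:
        return False
    # Backslashes and CR/LF are never legitimate in a redirect target we issue.
    if "\\" in target or "\r" in target or "\n" in target:
        return False

    parts = urlsplit(target)

    # Only plain web schemes may be redirected to (or no scheme at all).
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False

    # Absolute or protocol-relative URL: the authority must match exactly.
    # Comparing the whole netloc also catches "allowed@evil" and port games.
    if parts.netloc:
        return parts.netloc.lower() == allowed_host.lower()

    # No authority: accept only an absolute path on this site.  A leading "//"
    # would have produced a netloc above, so one "/" is enough to check here.
    return target.startswith("/") and not target.startswith("//")


def post_login_redirect(referrer_param: str, fallback: str = "/") -> str:
    """Pick the URL to send the user to after a successful login.

    The untrusted "referrer" parameter is used only if it passes the check;
    otherwise the user lands on `fallback`.
    """
    if is_safe_redirect(referrer_param):
        return referrer_param
    return fallback


if __name__ == "__main__":
    # Constructed sample values illustrating what the check accepts and rejects.
    samples = [
        "/account/settings",
        "https://login.mailchimp.com/account",
        "http://www.tetraph.com/essayjeans/poems/thatday.html",
        "//www.tetraph.com/",
        "ftp://login.mailchimp.com/",
        "http://login.mailchimp.com@www.tetraph.com/",
        "",
    ]
    for s in samples:
        print(f"{s!r:60} -> {post_login_redirect(s)!r}")
```

The check is deliberately strict: a relative reference without a leading slash (for example `settings`) and a host with an explicit port are rejected rather than guessed at, because a redirect target that is only ever generated by the application itself never needs those forms. If the application legitimately redirects to other properties it owns, extend the comparison to an explicit allowlist of hosts rather than to a suffix match, which is where many validators go wrong.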
About WANG Jing (王晶):