Hyperlink Injection On IRC Cloud


What is hyperlink injection? Essentially, it is spoofing or injecting a link into an email that the application sends on the attacker's behalf, such as an invitation or welcome message. Bugcrowd's Vulnerability Rating Taxonomy rates it P5 (informational), but some companies treat it as a serious issue, so report it if you find it; you might get paid.

The vulnerability arises when an attacker-supplied hyperlink is rendered, unescaped, into an email that the application sends. In most cases the attack still requires user interaction: the victim has to click the link.

A user can set their display name to a URL (or to HTML containing one), so that the notification emails carrying that name contain malicious hyperlinks.

Using this vulnerability, an attacker abuses the target's own mail system, and its trusted sender domain, to deliver malicious emails to any address they choose.

Impact:

It may redirect the victim to a malicious website or trick them into downloading trojans/viruses onto their system.

IRCCloud is a trusted website, but there is a bug in its signup form: an attacker can inject malicious links (HTML) into the first-name field and target any user through their email address, because the welcome email is sent to that address with the injected content. This also damages the company's reputation.

Steps To Reproduce

1. Go to https://www.irccloud.com

2. Fill in the signup form, giving a first name that contains a malicious link or HTML code, for example:

→ go to this link https://www.evil.com

→ <a href="evil.com">click here for pass</a>

3. Enter the victim's email address and submit the form.

4. The victim receives an email from IRCCloud with the malicious link injected.
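As an added example (not code from this write-up or from IRCCloud), the following Python shows the bug class above in a hypothetical welcome-mail template, the same template with HTML escaping, and an input check on the name field that refuses links and markup before the mail is ever built. The template wording, the sender address and the validation regexes are assumptions for illustration; the two sample names are the payloads from the steps above.

```python
import html
import re
from email.message import EmailMessage

# Constructed sample inputs, copied from the write-up's two example payloads.
MALICIOUS_NAMES = [
    "go to this link https://www.evil.com",
    '<a href="evil.com">click here for pass</a>',
]

# Heuristics for things that do not belong in a person's first name.
# (Assumption: the exact allow-list is a product decision; this is illustrative.)
_HTML_TAG_RE = re.compile(r"<[^>]*>")
_URL_RE = re.compile(r"(https?://|www\.|\b[a-z0-9-]+\.[a-z]{2,}\b)", re.IGNORECASE)


def render_welcome_vulnerable(first_name: str) -> str:
    """Hypothetical welcome-mail template that splices the name straight into
    HTML. This is the bug class described above: whatever the attacker typed
    into the name field becomes live markup in the victim's inbox."""
    return f"<p>Hi {first_name}, thanks for signing up!</p>"


def render_welcome_hardened(first_name: str) -> str:
    """Same template, but the name is HTML-escaped before interpolation, so an
    <a href="..."> arrives as inert text rather than a clickable link."""
    return f"<p>Hi {html.escape(first_name, quote=True)}, thanks for signing up!</p>"


def validate_first_name(first_name: str) -> bool:
    """Reject names carrying HTML tags or URL-looking tokens, and cap the length.

    Escaping alone is not enough: a bare 'https://www.evil.com' passes through
    html.escape() untouched, and most mail clients auto-link it anyway, so the
    fix has to happen at input validation, not only at render time.
    """
    if not 1 <= len(first_name) <= 50:
        return False
    if _HTML_TAG_RE.search(first_name) or _URL_RE.search(first_name):
        return False
    return True


def build_welcome_email(first_name: str, recipient: str) -> EmailMessage:
    """Validate, then render with escaping, then build the outbound message.
    Raises ValueError instead of sending when the name fails validation."""
    if not validate_first_name(first_name):
        raise ValueError("first name contains a link or markup; refusing to send")
    msg = EmailMessage()
    msg["From"] = "noreply@example.com"  # assumed sender for the example
    msg["To"] = recipient
    msg["Subject"] = "Welcome"
    msg.set_content(render_welcome_hardened(first_name), subtype="html")
    return msg


if __name__ == "__main__":
    for name in MALICIOUS_NAMES:
        print("vulnerable :", render_welcome_vulnerable(name))
        print("escaped    :", render_welcome_hardened(name))
        print("validated  :", validate_first_name(name))
```

Running it shows why escaping is only half a fix: the second payload turns into inert `&lt;a href=...&gt;` text, but the first is a plain URL that survives escaping and is still auto-linked by most mail clients, so the name field itself has to reject links.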

POC Image

