Boozt Fashion AB: Bypass email validity in newsletter field

2017-01-20T23:30:05
ID H1:200072
Type hackerone
Reporter helloworld152
Modified 2017-02-24T17:24:47

Description

Hi,

I think I've discovered a little vulnerability on your website; I don't know if it is outside the bug bounty program. In the newsletter field, incorrect email addresses (for example with special characters) are not accepted. But with a specific HTTP request it's possible to bypass this verification.

For example, I use this email: <<test@gmail.com. In the newsletter field this email is blocked, but with the specific HTTP request this email is accepted by the website.

URL: https://www.boozt.com/fr/fr/newsletter

POST DATA: subscription%5Bemail%5D=<<test%40gmail.com&subscription%5Bgender%5D=MALE&subscription%5BcountryId%5D=9&subscription%5BlanguageId%5D=8&subscription%5Bposition%5D=footer

I have added two screenshots of the problem to this report.

Best regards
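
Added example (not part of the original report, and not Boozt's code): the behaviour described above means the email check ran only in the form, so the fix is to repeat it on the server for every POST. The sketch below parses the form-encoded body from the report and rejects the reported value; the function names, status codes and the allowlist pattern are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qs

# POST body copied from the report above.
REPORTED_BODY = (
    "subscription%5Bemail%5D=<<test%40gmail.com&subscription%5Bgender%5D=MALE"
    "&subscription%5BcountryId%5D=9&subscription%5BlanguageId%5D=8"
    "&subscription%5Bposition%5D=footer"
)

# Conservative allowlist (an assumption, deliberately stricter than RFC 5322):
# a limited local-part alphabet, DNS-style labels, alphabetic TLD.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}"
    r"@(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"
)


def validate_email(value):
    """Server-side syntax check; must not rely on any client-side check."""
    # fullmatch() anchors both ends, so a trailing newline or extra
    # characters cannot slip past the way they can with '$' and match().
    if len(value) > 254 or not EMAIL_RE.fullmatch(value):
        return False
    local = value.split("@", 1)[0]
    return not (local.startswith(".") or local.endswith(".") or ".." in local)


def handle_subscription(raw_body):
    """Return (status, message) for a form-encoded newsletter POST body."""
    fields = parse_qs(raw_body, keep_blank_values=True)
    emails = fields.get("subscription[email]", [])
    # Reject missing or repeated parameters instead of picking one silently.
    if len(emails) != 1:
        return 400, "exactly one email required"
    email = emails[0].strip()
    if not validate_email(email):
        return 422, "invalid email"
    return 200, email


if __name__ == "__main__":
    print(handle_subscription(REPORTED_BODY))
    print(handle_subscription("subscription%5Bemail%5D=test%40gmail.com"))
```

Syntax validation only bounds what gets stored; the stored address should still be output-encoded wherever it is displayed.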