Boozt Fashion AB: Bypass email validity in newsletter field

ID H1:200072
Type hackerone
Reporter helloworld152
Modified 2017-02-24T17:24:47



I think i've discovered a little vulnerability on your website i don't know if she is outside the bug bounty program. In the newsletter field, the incorrect email addresses (for example with special characters) it's not accpeted. But with a specific HTTP request it's possible to bypass this verification.

For example I use this email: << In the newsletter field this email it's blocked but with the specific HTTP request this email it's accepted by the website.

URL: POST DATA: subscription%5Bemail%5D=<<

I have added to this report, two screenshots of the problem.

Best regards