Mail.ru: HTTP-Response-Splitting leads to information disclosure (email, firstname, lastname) at https://tz.mail.ru

2019-10-31T15:48:28
ID H1:726765
Type hackerone
Reporter flawwan
Modified 2020-01-01T20:46:34

Description

CRLF injection via GET paramaters in tz.mail.ru

Clientside vulnerabilities in tz.mail.ru is not currently covered by Bug Bounty program.