Here is how I found a Security flaw in a Security Researcher’s blog.

Anish M
2 min read, May 4, 2021

Note: Blog post for educational use only. Do not use this method for spamming anyone!

Newsletters are a useful way for legitimate companies and blogs to deliver the latest advances in areas of your personal interest directly to your inbox. Normally you have to subscribe yourself to receive a newsletter. But this is not always the case: sometimes anyone who knows your email address can flood your inbox with newsletters you never asked for.

I found a potential issue with Graham Cluley’s Security Newsletter which bad guys might have used for spamming. Here is the screenshot I sent to Graham Cluley regarding that issue.

The name field could be given as ‘click me https://kali.org’. I am using the Kali Linux website because it is a harmless website. And I gave my email address to get the newsletter!

Here is the final surprise: the first line of the email I received displays "Hi click here" followed by the link I gave as input in the newsletter’s signup form. I have notified Graham Cluley Security Newsletter and it has now been hardened to prevent this issue.

Originally published at https://outflaw.blogspot.com on September 24, 2020.