The blog of Constant Contact was hosted on a vulnerable version of PHP in which their was a public exploitable bug. It was confirmed that it was hosted by a third party and after patching their bug they wanted my name to get published in the Thanks section. So here you go.
http://www.constantcontact.com/security/report-vulnerability
