Cloudflare: CSRF and No password requirement in this URL Billing Info

2014-05-14T16:30:06
ID H1:12034
Type hackerone
Reporter shahmeer-amir
Modified 2014-07-08T10:00:30

Description

An attacker can launch requests on his victim's behalf on the billing info page. There is a requirement of a CSRF token on this page: https://www.cloudflare.com/billing-information

Awaiting your reply