Mail.ru: CSRF on liking a review (Pandao)

2019-01-20T09:32:17
ID H1:482818
Type hackerone
Reporter xalerafera
Modified 2019-03-11T13:06:32

Description

A CSRF vulnerability in pandao.ru made it possible to force a user to "like" a user's comment.

At the time of reporting, client-side vulnerabilities in pandao.ru were not covered by the bug bounty program.