Mail.ru: CSRF allowing removal of an item from the cart

2019-01-24T14:11:18
ID H1:485359
Type hackerone
Reporter xalerafera
Modified 2019-03-11T12:59:59

Description

A CSRF vulnerability in pandao.ru allowed an item whose ID was known to the attacker to be removed from the cart.

At the time of reporting, client-side vulnerabilities in pandao.ru were not covered by the bug bounty program.