Mail.ru: CSRF уязвимость позволяет взять беспроцентный кредит пользователю cfire.mail.ru

2019-02-14T21:32:38
ID H1:496260
Type hackerone
Reporter iframe
Modified 2019-03-11T12:55:29

Description

CSRF vulnerability in Crossfire (cfire.mail.ru) allowed to force user to request game credit.

On the time of reporting, game/business logic vulnerabilities in cfire.mail.ru are not covered by bug bounty program.