Mail.ru: CSRF on /subscription_manage.php endpoint at allods.mail.ru

2019-03-28T04:28:34
ID H1:517470
Type hackerone
Reporter mehulpanchal007
Modified 2019-05-13T15:24:22

Description

CSRF in https://allods.mail.ru allows to manage user's subscriptions.

allods.mail.ru belongs to extended scope.