IRCCloud: CSRF to Account Take Over Bug

ID H1:7116
Type hackerone
Reporter defmax
Modified 2014-09-08T12:13:49


Hello Sir

This is N B Sri Harsha

I have found a CSRF to account takeover bug.

Affected URL:

I have written HTML code and uploaded it; please check that out.

You have to fill in the email address there and click on update settings.

You will get output as {"_reqid":0,"success":true}

That's it, the victim's email address will be changed.

After that, he goes to forgot password and changes the password.

Hope this security issue will be fixed soon.
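
Added example, not part of the original report and not IRCCloud's code: a sketch of the server-side checks that stop the cross-site email change described above (Origin check, session-bound CSRF token, password re-authentication). The handler name, field names, origin and sample account are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret, constructed for the demo
TRUSTED_ORIGIN = "https://chat.example"   # placeholder for the site's own origin

def issue_csrf_token(session_id):
    """Token bound to one session; the server embeds it in its own settings form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def change_email(session, headers, form, users):
    """Hypothetical handler: returns (HTTP status, JSON body) for an email-change POST."""
    def deny(reason):
        return 403, {"success": False, "message": reason}
    # 1. A cross-site form post carries the foreign page's Origin, not ours.
    if headers.get("Origin") != TRUSTED_ORIGIN:
        return deny("bad_origin")
    # 2. The session cookie is sent automatically by the browser; the token is not.
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, issue_csrf_token(session["id"]).encode()):
        return deny("bad_csrf_token")
    # 3. Changing the password-recovery address requires the current password.
    user = users[session["user"]]
    supplied = hash_password(form.get("password", ""), user["salt"])
    if not hmac.compare_digest(supplied, user["pw_hash"]):
        return deny("reauth_required")
    if "@" not in form.get("email", ""):
        return 400, {"success": False, "message": "bad_email"}
    user["email"] = form["email"]
    return 200, {"success": True}

def demo():
    """Constructed sample data: one user, one forged request, one legitimate request."""
    salt = secrets.token_bytes(16)
    users = {"alice": {"email": "alice@example.org", "salt": salt,
                       "pw_hash": hash_password("correct horse", salt)}}
    session = {"id": "sess-1234", "user": "alice"}
    forged = change_email(session, {"Origin": "https://other.example"},
                          {"email": "someone@example.net"}, users)
    after_forged = users["alice"]["email"]
    legit = change_email(session, {"Origin": TRUSTED_ORIGIN},
                         {"email": "alice@new.example", "password": "correct horse",
                          "csrf_token": issue_csrf_token(session["id"])}, users)
    return forged, after_forged, legit, users["alice"]["email"]

if __name__ == "__main__":
    print(demo())
```

The forged request is rejected before any state changes, so the recovery address still belongs to the account owner and the forgot-password step no longer hands over the account.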