IRCCloud: CSRF to Account Take Over Bug

2014-04-11T11:17:18
ID H1:7116
Type hackerone
Reporter defmax
Modified 2014-09-08T12:13:49

Description

Hello Sir

This is N B Sri Harsha

I have found a CSRF to account takeover bug.

Affected URL: https://www.irccloud.com/chat/user-settings

I have written an HTML code and uploaded it; please check that out.

You have to fill in the email address there, and click on update settings.

You will get output as {"_reqid":0,"success":true}

That's it, the victim's email address will be changed.

After that he goes to forgot password and changes the password.

Hope this security issue will be fixed soon.
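
Server-side checks that would reject the cross-site settings update described in this report, added here as an example; it is not part of the report and is not IRCCloud's code. The form field names (`csrf_token`, `email`, `current_password`), the demo key and the `password_ok` callback are assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

ALLOWED_ORIGIN = "https://www.irccloud.com"  # origin of the affected URL in the report
SERVER_KEY = b"constructed-demo-key"         # constructed; a real service loads a secret


def csrf_token_for(session_id: str) -> str:
    """Token bound to the session, so a page on another origin cannot know it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is ours."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def check_settings_update(session_id, headers, form, password_ok):
    """Decide whether a POST to the settings endpoint may be applied.

    password_ok is a hypothetical callback that verifies the current password.
    Returns (allowed, reason).
    """
    if not same_origin(headers):
        return False, "cross-origin request"
    token = form.get("csrf_token", "")
    expected = csrf_token_for(session_id)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    # Changing the recovery address is what turns CSRF into account takeover,
    # so that field additionally requires the current password.
    if "email" in form and not password_ok(form.get("current_password", "")):
        return False, "re-authentication required"
    return True, "ok"
```

Sending a confirmation link to the old address before an e-mail change takes effect closes the same password-reset path even if one of these checks is bypassed.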