Imgur: Crossdomain.xml settings on too open

ID H1:91604
Type hackerone
Reporter kiraak-boy
Modified 2015-12-09T18:11:40


The crossdomain.xml file hosted at was too open. This allowed SWF files to make HTTP requests and read the responses. If this was not changed, then can embed a SWF on that makes an HTTP request to The result page for would include the CSRF token and the SWF file could make requests with the user's cookies.
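
An added example, not part of the original report: a small auditor that flags over-permissive entries in a Flash cross-domain policy file, the class of misconfiguration described above. The two sample policies, the finding codes and the `static.example.com` allow-list entry are constructed for illustration, since the report does not quote the actual file.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies; the report does not quote the real file.
OPEN_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
  <allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>"""

TIGHT_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="static.example.com" secure="true" />
</cross-domain-policy>"""


def audit_policy(xml_text, allowed_domains=()):
    """Return (code, detail) findings for a Flash cross-domain policy."""
    allowed = {d.lower() for d in allowed_domains}
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "").strip().lower()
        if domain == "*":
            findings.append(("wildcard-domain",
                             "a SWF from any origin can read responses"))
        elif domain.startswith("*."):
            findings.append(("wildcard-subdomain",
                             f"every host under {domain[2:]} is trusted"))
        elif domain not in allowed:
            findings.append(("unexpected-domain", domain))
        # secure defaults to true; false lets HTTP-served SWFs read HTTPS data
        if el.get("secure", "true").strip().lower() == "false":
            findings.append(("insecure-origin-allowed", domain))
    for el in root.iter("allow-http-request-headers-from"):
        if "*" in el.get("domain", "") and el.get("headers", "").strip() == "*":
            findings.append(("wildcard-headers",
                             "wildcard origins may send any custom header"))
    return findings


if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("tight", TIGHT_POLICY)):
        print(name, audit_policy(policy, allowed_domains=["static.example.com"]))
```

Any finding on a host that serves authenticated pages means a cross-origin SWF can read CSRF tokens from those pages, so the policy should list only the specific origins that need access.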