GSA Bounty: Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host

We endorse sp1d3rs's summary! The PR fixing this ticket is here: https://github.com/18F/federalist/pull/1157 Thanks to the 18F team for the great experience, fast fix, and the bounty! The report details i requested the limited disclosure due to lot of sensitive info in the attachments and report...