Uber: Chained vulnerabilities create DOS attack against users on desafio5estrelas.com
On the vendor-created and vendor-managed site desafio5estrelas.com, by controlling the value of the gender parameter on the /salvargenero endpoint via CSRF, an attacker was able to prevent a user from ever logging into their account again. Fun chained CSRF that caused a DOS on a user’s account. Check out my...