EUVD-2014-9096

Malware in sbrugna...

Stripo Inc: csrf bypass using flash file + 307 redirect method at plugins endpoint

Hi Security team, i have found that the request sent to https://my.stripo.email/cabinet/stripeapi/v1/plugin/$userid$/plugins don't have any protection against csrf attacks as the server only validates that the content type is application/json and this can be bypassed using the flash file + 307...