Cuvva: CSRF on cuvva.insure allows an attacker to send multiple SMS to download the app without visiting the cuvva
Description: cuvva.co allows a user to send an app download link to his/her mobile number via SMS. But an attacker can abuse this system via cross-site request forgery and can send SMS to N number of mobile numbers without even visiting the cuvva.com/cuvva.insure website. Reproduction Steps:...
Whisper: SMS Invite Form Abuse
whisper.sh fails to protect the invite form from abuse by attackers. If a malicious individual wants to abuse this functionality, they could send repeated/automated requests to the same phone number or range of phone numbers that do not actually belong to them. This would result in lots of...