X (Formerly Twitter): CSRF in twitterflightschool.com ( CAN POST ON TIMELINE WITHOUT USER PERMISSION)

Hi, 1 Go to twitterflightschool.com and start intercepting every request . 2 No csrf tokens are present in the requests 3 Even in account settings there are no csrf tokens Attacker could post on twitter timeline of user https://twitterflightschool.com/module/twitter-for-executives/chapter/final T...

X (Formerly Twitter): Twitter Flight SSL 2.0 deprecated protocol vulnerability.

Twitterflight.com From Twitter Inc..I just checked it with whois Website service encrypts traffic using an old deprecated protocol with known weakness wich is obsolete and insecure, you should disable it. POC in the attachments...