X (Formerly Twitter): CSRF in twitterflightschool.com ( CAN POST ON TIMELINE WITHOUT USER PERMISSION)
Hi, 1 Go to twitterflightschool.com and start intercepting every request . 2 No csrf tokens are present in the requests 3 Even in account settings there are no csrf tokens Attacker could post on twitter timeline of user https://twitterflightschool.com/module/twitter-for-executives/chapter/final T...