Login CSRF
Unknown
Vulnerability Details
Hi,
There is no state parameter in the Bitbucket login request.
https://bitbucket.org/site/oauth1/authorize?oauth_token=ZmCHb7dnyYVYKTYRNt
As you can see, there is no state parameter in the above request; therefore it is possible to exploit login CSRF.
Report Stats
- Report ID: 117195
- State: Closed
- Substate: not-applicable
- Upvotes: 1
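
The session-binding check that a state value provides, shown on the consumer side of an OAuth callback. This is an added example, not code from the report or from Bitbucket; the callback URL, the session dict, the function names and the token values are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical consumer endpoint (assumption); not a Bitbucket URL.
CALLBACK = "https://consumer.example/oauth/callback"


def begin_login(session: dict, request_token: str) -> str:
    """Record the request token and a fresh nonce in this browser session,
    and return the callback URL that carries the nonce as `state`."""
    nonce = secrets.token_urlsafe(32)
    session["oauth_pending"] = {"token": request_token, "state": nonce}
    return CALLBACK + "?" + urlencode({"state": nonce})


def finish_login(session: dict, callback_url: str) -> bool:
    """Accept the callback only if it carries the nonce and request token
    issued to this same session. The pending entry is single-use."""
    pending = session.pop("oauth_pending", None)
    if pending is None:
        return False
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    token = query.get("oauth_token", [""])[0]
    # Constant-time comparison of both session-bound values.
    return (hmac.compare_digest(state.encode(), pending["state"].encode())
            and hmac.compare_digest(token.encode(), pending["token"].encode()))


def demo() -> dict:
    """Constructed scenario with made-up token values."""
    # A callback that did not originate from this session's flow is rejected.
    victim = {}
    begin_login(victim, "REQUEST_TOKEN_A")
    foreign = CALLBACK + "?" + urlencode(
        {"state": "x", "oauth_token": "REQUEST_TOKEN_B"})
    foreign_ok = finish_login(victim, foreign)
    # The session's own callback is accepted once, then refused on replay.
    user = {}
    cb = begin_login(user, "REQUEST_TOKEN_A") + "&oauth_token=REQUEST_TOKEN_A"
    genuine_ok = finish_login(user, cb)
    replay_ok = finish_login(user, cb)
    return {"foreign": foreign_ok, "genuine": genuine_ok, "replay": replay_ok}
```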