Logout CSRF
Low
Vulnerability Details
Hi Team,
This is a low risk, but I want you to know that logout on this domain `demo.weblate.org` did not protect the logout form with a CSRF token, therefore I can log out any user by sending this URL `https://demo.webplate.org/accounts/logout/`.
Logout should have POST method with a valid CSRF token.
Let me know if you need more info.
Regards
Japz
Report Stats
- Report ID: 223329
- State: Closed
- Substate: resolved
- Upvotes: 6
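
An added example (not part of the original report, and not Weblate's code) of the fix the report asks for: a logout that accepts only POST with a valid CSRF token. The in-memory session store and the names `login`, `handle_logout` and `demo` are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> per-session CSRF token.
SESSIONS = {}


def login(sessions=SESSIONS):
    """Create a session and the CSRF token embedded in that user's logout form."""
    session_id = secrets.token_urlsafe(32)
    sessions[session_id] = secrets.token_urlsafe(32)
    return session_id, sessions[session_id]


def handle_logout(method, session_id, form_token, sessions=SESSIONS):
    """Return (status, reason); the session is ended only on status 200."""
    if session_id not in sessions:
        return 200, "no active session"
    # Any page the browser loads can cause a GET to this URL, so a
    # state-changing logout must not be reachable by GET.
    if method != "POST":
        return 405, "logout requires POST"
    # Another site can submit a POST form, but it cannot read this session's
    # token, so the comparison below fails for forged requests.
    expected = sessions[session_id]
    if not form_token or not hmac.compare_digest(
        form_token.encode(), expected.encode()
    ):
        return 403, "CSRF token missing or incorrect"
    del sessions[session_id]
    return 200, "logged out"


def demo():
    """Run the three cases against a fresh store (all values constructed)."""
    store = {}
    sid, token = login(store)
    results = [
        handle_logout("GET", sid, None, store),        # plain URL request
        handle_logout("POST", sid, "guessed", store),  # POST without the token
        handle_logout("POST", sid, token, store),      # the user's own form
    ]
    return results, sid in store


if __name__ == "__main__":
    print(demo())
```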