CSRF on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action

Disclosed: 2020-05-12 13:37:58 By meryem0x To lab45
Medium
Vulnerability Details
## Summary:

Hi :) There is a CSRF on the create-bookmark form.

## Steps To Reproduce:

There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action. I added the PoC HTML file below. When someone opens this HTML file, or if we embed it in our website, he/she creates a bookmark unwillingly.

## Impact

An attacker can force other users to create a bookmark without their knowledge.
Report Stats
  • Report ID: 866844
  • State: Closed
  • Substate: resolved
  • Upvotes: 2