CSRF to delete a pet on ██████
Low
M
Mars
Submitted None
Team Summary
Official summary from Mars
The /pets/delete endpoint on ████ is susceptible to Cross-Site Request Forgery (CSRF) attacks. This vulnerability enables an attacker to delete a pet from the targeted user's account. The issue arises from a CSRF problem in both GET and POST requests at the endpoint ████, allowing unauthorized deletion of pets.
Actions:
Reported by
dr34m14
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-Site Request Forgery (CSRF)