Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg]
Medium
Unikrn
Reported by
geekboy
Vulnerability Details
### Description:
-----------
An attacker can update the user's Ad Frequency % using the Flash + 307 redirect trick by making a POST request to a particular endpoint.
### Steps To Reproduce:
-----------
+ Log in at: https://cp-ng.pinion.gg
+ Visit: http://geekboy.ninja/poc/freq.swf
+ Ad Frequency should be updated.
*Note: for testing I used my account with id `████`; as the update request uses the user ID in the endpoint, it can be modified as needed.*
{F205068}
Please let me know if any more info is needed!
-------------
__*- Geekboy!*__
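
A server-side view of the weakness class reported above, as an added example that is not part of the original report or the program's code: a guard that only inspects the shape of the request accepts a cross-site POST, while a session-bound token check rejects it. The endpoint path, cookie name, header name and key are hypothetical, the sample requests are constructed, and the forged request is assumed to arrive with the victim's cookies and attacker-chosen headers.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"        # assumption: per-deployment secret
ALLOWED_ORIGIN = "https://cp-ng.pinion.gg"  # origin named in the report

def issue_token(session_id: str) -> str:
    """Token bound to one session; an off-site page cannot compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def weak_guard(req: dict) -> bool:
    """Shape-only check: any client able to set Content-Type passes it."""
    return req["headers"].get("Content-Type", "").startswith("application/json")

def hardened_guard(req: dict) -> bool:
    """Reject a foreign Origin, then require the session-bound token value."""
    session_id = req["cookies"].get("session")
    if not session_id:
        return False
    origin = req["headers"].get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return False
    supplied = req["headers"].get("X-CSRF-Token", "")
    expected = issue_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())

def make_request(headers: dict) -> dict:
    # Constructed sample; the path is hypothetical, not the real endpoint.
    return {"method": "POST",
            "path": "/hypothetical/users/<userid>/ad-frequency",
            "cookies": {"session": "sess-constructed-123"},  # sent automatically
            "headers": headers,
            "body": '{"frequency": 100}'}

JSON = {"Content-Type": "application/json"}
TOKEN = issue_token("sess-constructed-123")
LEGIT = make_request({**JSON, "Origin": ALLOWED_ORIGIN, "X-CSRF-Token": TOKEN})
FORGED = make_request(dict(JSON))                            # no token at all
FORGED_GUESS = make_request({**JSON, "X-CSRF-Token": "0" * 64})

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("forged", FORGED),
                      ("forged+guess", FORGED_GUESS)]:
        print(f"{name:13} weak={weak_guard(req)} hardened={hardened_guard(req)}")
```

The token is compared by value, so a forged request that merely includes the header name still fails.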
Report Details
State
Closed
Substate
Resolved
Weakness
Cross-Site Request Forgery (CSRF)