[chaturbate.com] - CSRF Vulnerability on image upload
Medium
Vulnerability Details
## Summary
Hi guys,
One of the features available to a Chaturbate user is the ability to upload images into photo sets. The upload functionality does not use any CSRF tokens, allowing attackers to perform CSRF attacks and upload images to a user's profile without the user's consent.
## Steps To Reproduce:
1. Login to Chaturbate.
2. Browse to your profile page and upload an image.
3. Note the `set` ID of the newly created set (this is available by visiting the set on the profile page; it'll be in the URL: `https://chaturbate.com/photo_videos/photoset/detail/[username]/[set_id]/`).
4. Download the poc.html file attached to this report.
5. Edit `poc.html` by replacing the number `4771110` by the `set` ID found at step #3.
6. Open poc.html and click on `Submit request`.
7. Visit your Chaturbate image set.
You'll notice that the photo set now includes an additional image (a blank/white image).
## Impact
In order for this attack to work, an attacker would need to know the correct photo set ID. Since set IDs are public information, this isn't an issue.
I've set the impact here to medium since this affects the integrity of user accounts.
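A server-side check that rejects the kind of cross-site upload request described in this report, as an added example (not part of the original report and not Chaturbate's code). The form field name `csrf_token`, the function names and the server key handling are assumptions; the trusted origin is taken from the URL in the report.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)       # assumption: per-deployment secret
TRUSTED_ORIGIN = "https://chaturbate.com"  # origin from the URL in the report
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _sign(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Token the site embeds in its own upload form, bound to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_sign(session_id, nonce)}"


def token_is_valid(session_id, token):
    nonce, sep, sig = (token or "").partition(".")
    if not (sep and nonce and sig):
        return False
    # Compare as bytes in constant time; a str with non-ASCII would raise.
    return hmac.compare_digest(_sign(session_id, nonce).encode(), sig.encode())


def same_origin(headers):
    """Accept only requests whose Origin (or Referer fallback) is the site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def check_upload_request(method, headers, form, session_id):
    """Return (status, reason); run before any file handling for the photo set."""
    if method in SAFE_METHODS:
        return 200, "safe method"
    if not same_origin(headers):
        return 403, "cross-origin or missing Origin/Referer"
    if not token_is_valid(session_id, form.get("csrf_token", "")):
        return 403, "missing or invalid CSRF token"
    return 200, "ok"
```

A form hosted on another site cannot read the token from the victim's session, so its request fails the second check even if the browser attaches the session cookie.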
Report Stats
- Report ID: 401483
- State: Closed
- Substate: resolved
- Upvotes: 13