Missing CSRF key on the Private Profile feature.
Critical
ok.ru
Submitted None
Team Summary
Official summary from ok.ru
"Friends only" account mode could be toggled on and off with a CSRF attack. The Private Profile setting could be turned on or off via CSRF.
Reported by
iframe
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-Site Request Forgery (CSRF)