CSRF on https://www.niche.co leads to "account disconnection"
Medium
X (Formerly Twitter)
Team Summary
Official summary from X (Formerly Twitter)
The researcher discovered that Niche’s CSRF protection was broken and that an attacker could trick a logged-in user into deleting existing network connections under the network/ endpoint.
Reported by: mik317
Report Details
Additional information and metadata
State: Closed
Substate: Duplicate
Submitted
Weakness: Cross-Site Request Forgery (CSRF)