Open Ethicalar opened 5 years ago
Hi Team,
I am a web security researcher and I found this vulnerability in https://fintel.io
Vulnerability Type: No CSRF Protection On Log Out
Description:
I found that an attacker can force anyone to log out from their account. There is no CSRF protection, so attackers can expire any user's session by CSRF.
Here is the POC:
Steps to reproduce:
Please let me know if you need more information.
Looking forward to hearing from you.
Best Regards: Hassan Ahmed (ethicalar@gmail.com)
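For maintainers triaging this class of report, the following is an added illustration (not code from the reporter or from fintel.io) of what the weakness looks like server-side and how a logout endpoint is normally protected. The `Request` shape, the in-memory session store, the `/logout` path and the `SITE_ORIGIN` value are all assumptions made for the example; the idea carries over to any framework's session and CSRF-token facilities.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for a framework request object (assumed shape)."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


# Constructed in-memory session store: session id -> {"user": ..., "csrf": ...}
SESSIONS = {}

# Hypothetical origin of the application; used for the Origin/Referer check.
SITE_ORIGIN = "https://app.example"


def login(user):
    """Create a session and a per-session CSRF token; return the session id."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def is_logged_in(sid):
    return sid in SESSIONS


def vulnerable_logout(req):
    """Logout as the report describes it: any request carrying the session
    cookie ends the session, regardless of method, source or token. A
    browser attaches the cookie automatically, so a cross-site page can
    trigger this without the user's involvement."""
    sid = req.cookies.get("session")
    SESSIONS.pop(sid, None)
    return 302  # redirect to the login page


def hardened_logout(req):
    """Logout with the usual CSRF defences layered together:
    1. state-changing action only over POST,
    2. Origin (or Referer as fallback) must match the site,
    3. the submitted token must match the session's CSRF token,
       compared in constant time."""
    sid = req.cookies.get("session")
    sess = SESSIONS.get(sid)
    if sess is None:
        return 302  # no active session; nothing to revoke
    if req.method != "POST":
        return 405
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin.startswith(SITE_ORIGIN):
        return 403
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), sess["csrf"].encode()):
        return 403
    del SESSIONS[sid]
    return 302


if __name__ == "__main__":
    sid = login("alice")
    cross_site = Request("GET", "/logout", cookies={"session": sid},
                         headers={"Referer": "https://evil.example/"})
    print("vulnerable:", hardened_logout(cross_site), is_logged_in(sid))
    print("vulnerable:", vulnerable_logout(cross_site), is_logged_in(sid))
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a fourth, browser-enforced layer, but the token and method checks above are what make the endpoint safe on their own. A session id that is still present after a forged request is the observable result a fix for this report should produce.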