Closed akhilcryptos closed 6 years ago
Vulnerabilities Found:
1: CSRF to update the ETH wallet address in the victim's account
2: Victim's account takeover using password reset link hijacking via host header poisoning

Proposed solution:
For vulnerability 1: Add CSRF tokens
For vulnerability 2: Refer to http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html

Verification: The team has fixed the reported vulnerabilities
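
Both proposed fixes as an added example (not code from the report or the affected project): a session-bound CSRF token checked before the wallet update, and a password reset link built from a configured origin instead of the request's Host header. The function names, hosts and handler shapes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import urlencode

# Assumed values for illustration; none of these come from the report.
CSRF_KEY = secrets.token_bytes(32)             # server-side secret
CANONICAL_ORIGIN = "https://app.example.test"  # set in configuration
ALLOWED_HOSTS = {"app.example.test"}           # hosts this deployment serves


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session, so it cannot be replayed from another."""
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_ok(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token with the expected one."""
    if not submitted:
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def update_wallet(session_id: str, form: dict, account: dict) -> int:
    """State-changing handler: a request without the session's token is refused."""
    if not csrf_ok(session_id, form.get("csrf_token")):
        return 403
    account["eth_wallet"] = form["eth_wallet"]
    return 200


def host_allowed(host_header: Optional[str]) -> bool:
    """Exact match against the allow-list, ignoring an optional port."""
    if not host_header:
        return False
    return host_header.rsplit(":", 1)[0].lower() in ALLOWED_HOSTS


def build_reset_link(headers: dict, reset_token: str) -> Optional[str]:
    """Reject unknown hosts; the link itself never uses request headers."""
    if not host_allowed(headers.get("Host")):
        return None
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': reset_token})}"
```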