HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Mini Low Risk Cross Site Request Forgery Bug on Bookmarking

Tested on a local install of Haven't tested anywhere else so it could be just me.

If you include an image like so <img src="http://yourforum.org/vanilla/discussion/bookmark/24514/"> anyone that views the page will automatically bookmark the thread of id 24514. The original book mark url contains the transient hash but removing it doesn't seem to stop it from working for me.

Can anyone else verify this or is it just happening to me?


Sign In or Register to comment.