19 Jul 2014 01:06 PM
I am XxGOATSWAGxX, and I found two vulnerabilities within the ROBLOX website. These two vulnerabilities are not a huge problem, but they need to be fixed.
The first one is an HTML form without CSRF protection. This affects all of the following: /, /Login/Signup.aspx, /New/Login, /newlogin (a2c066965000a0859bf5e6bdaea18035)
The impact of the vulnerability: An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end-user data and operation in the case of a normal user. If the targeted end user is the administrator account, this can compromise the entire web application.
How to fix this vulnerability:
Check whether this form requires CSRF protection and implement CSRF countermeasures if necessary.
The second vulnerability I found is an insecure transition from HTTP to HTTPS. This affects the following: /
The impact: Possible information disclosure.
How to fix: The form should be served from a secure (https) page.
Fix these, if not done already.
Am I able to get the Red Banded Top Hat for this?
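The two finding classes the post above describes (a POST form with no anti-CSRF token, and a login form that starts on a plain-HTTP page), as an added example that is not part of the original post and not Roblox's code: a small offline checker that parses a page's forms and reports both conditions. It assumes a heuristic list of hidden-field names that usually carry a synchronizer token, a made-up host www.example.test, and constructed HTML for a weak and a hardened page; it can only tell that a token field is absent, not whether the server actually validates one that is present.

```python
# Added example: an offline heuristic checker for the two finding classes in
# the post above. It is not code from the post or from Roblox. The token-name
# hints, the page URLs and the HTML are constructed assumptions for illustration.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hidden-field names that commonly carry a synchronizer (anti-CSRF) token.
# Assumption: a heuristic list, not a standard. A real audit must also confirm
# that the server rejects a request whose token is missing or wrong.
TOKEN_NAME_HINTS = ("csrf", "xsrf", "requestverificationtoken",
                    "authenticity_token", "_token")


class FormCollector(HTMLParser):
    """Collect each <form> with its action, method, hidden inputs and
    whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): v for k, v in attrs}
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),
                "hidden": [],
                "has_password": False,
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            kind = (a.get("type") or "text").lower()
            if kind == "hidden":
                self._current["hidden"].append((a.get("name") or "").lower())
            elif kind == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(page_url, html):
    """Return (finding, resolved_form_action) pairs for every form on the page.

    missing-csrf-token: a POST form with no hidden input that looks like a token.
    credentials-posted-over-http: a password form whose action is not https.
    insecure-http-to-https-transition: a password form that posts to https but
        was served from an http page, so an on-path attacker can rewrite the
        form's action before the user ever reaches the secure endpoint.
    """
    collector = FormCollector()
    collector.feed(html)
    page_scheme = urlsplit(page_url).scheme.lower()
    findings = []
    for form in collector.forms:
        target = urljoin(page_url, form["action"])
        if form["method"] == "post":
            has_token = any(hint in name for name in form["hidden"]
                            for hint in TOKEN_NAME_HINTS)
            if not has_token:
                findings.append(("missing-csrf-token", target))
        if form["has_password"]:
            if urlsplit(target).scheme.lower() != "https":
                findings.append(("credentials-posted-over-http", target))
            elif page_scheme != "https":
                findings.append(("insecure-http-to-https-transition", target))
    return findings


# Constructed sample: a signup page fetched over plain http whose login form
# posts to https without any anti-CSRF field (both findings at once).
WEAK_PAGE_URL = "http://www.example.test/Login/Signup.aspx"
WEAK_HTML = """
<form action="https://www.example.test/newlogin" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Log in">
</form>
<form action="/search" method="get">
  <input type="text" name="q">
</form>
"""

# Constructed hardened version: same form, served from https, carrying a
# per-session token that the server is expected to validate.
HARDENED_PAGE_URL = "https://www.example.test/Login/Signup.aspx"
HARDENED_HTML = """
<form action="https://www.example.test/newlogin" method="post">
  <input type="hidden" name="csrf_token" value="f3a9c0e1d2b4a6c8">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Log in">
</form>
"""

if __name__ == "__main__":
    for label, url, html in (("weak", WEAK_PAGE_URL, WEAK_HTML),
                             ("hardened", HARDENED_PAGE_URL, HARDENED_HTML)):
        print(label, audit_forms(url, html) or "no findings")
```

Running it prints both findings for the weak page and none for the hardened one. The fix on the server side is the same two things the post asks for: a per-session token in the form that the login handler checks before acting, and serving the page that contains the form over HTTPS (ideally with the whole site redirecting to HTTPS), so there is no plain-HTTP step for an attacker to tamper with.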
19 Jul 2014 01:10 PM
Don't post this on the forums. E-mail Roblox instead.
Cahier