CSRF on Pandao image upload
Discovered by xalerafera on Mailru

This issue took 0 days and 1 hour to triage and 3 days and 18 hours to resolve once triaged.

CSRF vulnerability in avatar upload AJAX method for pandao.ru

Pandao.ru is not currently covered by the main bug bounty, and general CSRF/XSS vulnerabilities are accepted without bounty.