This is a proof-of-concept demonstrating the CSRF vulnerability present on the Battlecode 2016 website. If you are logged in to Battlecode and click the link below, the bio field of your team's profile will be changed to "This team was pwned!". This can easily be extended to delete users/teams, as well as to do many more evil-er things.
k15z / battlecode-2016-csrf