
ActBlue CSRF Security Vulnerability Responsible Disclosure - quantumtremor
http://rajk.me/actblue
======
quantumtremor
Pasting the introduction here.

> Non-technical introduction. ActBlue is a non-profit that organizes
> fundraising efforts for Democratic causes; so far they have facilitated over
> a billion dollars in donations. This page details a security vulnerability
> in the ActBlue donation system.

> tl;dr This vulnerability affects over three million individuals who have
> donated to a Democratic cause using ActBlue Express Lane. Specifically, the
> ActBlue donation system can be exploited to appropriate false donations
> towards either the Hillary Clinton or Bernie Sanders campaigns. Using
> cross-site request forgery, previous donors can be tricked into donating to
> other Democratic candidates or causes.


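To make the mechanism in the tl;dr concrete, here is a small model of the class of bug being described: a donation endpoint that trusts the session cookie alone, beside the same endpoint hardened with an Origin check and a session-bound anti-CSRF token. This is an added illustration, not ActBlue's code and not code from the rajk.me write-up; the endpoint path, field names, origins, session store and token scheme are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Server-side secret used to bind anti-CSRF tokens to a session (assumed design).
SECRET_KEY = secrets.token_bytes(32)
SITE_ORIGIN = "https://donate.example"          # assumed origin of the donation site
ATTACKER_ORIGIN = "https://evil.example"        # assumed origin of the attacker's page


@dataclass
class Request:
    """The parts of an HTTP request that matter for CSRF."""
    method: str
    origin: Optional[str]        # Origin header; None when the browser omits it
    cookies: Dict[str, str]
    form: Dict[str, str]


# Constructed data: a logged-in donor with a saved payment method, and a ledger
# of donations actually recorded by the server.
SESSIONS = {"sess-donor-1": "donor@example.com"}
LEDGER: List[Tuple[str, str, int]] = []        # (donor, recipient, cents)


def vulnerable_donate(req: Request) -> Tuple[int, str]:
    """Authorizes a donation by session cookie alone.

    Browsers attach the site's cookies to a form POST no matter which site
    the form lives on, so a forged cross-site POST passes this check.
    """
    donor = SESSIONS.get(req.cookies.get("session", ""))
    if req.method != "POST" or donor is None:
        return 403, "not logged in"
    LEDGER.append((donor, req.form["recipient"], int(req.form["amount_cents"])))
    return 200, "donation recorded"


def csrf_token(session_id: str) -> str:
    """Synchronizer token: HMAC(secret, session id), embedded in the site's own form."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def hardened_donate(req: Request) -> Tuple[int, str]:
    """Same endpoint with an Origin check plus a session-bound anti-CSRF token."""
    sid = req.cookies.get("session", "")
    donor = SESSIONS.get(sid)
    if req.method != "POST" or donor is None:
        return 403, "not logged in"
    # Browsers send Origin on cross-site POSTs; anything but our own origin is rejected.
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return 403, "cross-site origin"
    # The attacker's page cannot read our form, so it cannot learn this token.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), csrf_token(sid)):
        return 403, "missing or invalid csrf token"
    LEDGER.append((donor, req.form["recipient"], int(req.form["amount_cents"])))
    return 200, "donation recorded"


# Constructed illustration of the attacker's page: a hidden form that submits
# itself to the donation endpoint the moment a previous donor visits it.
ATTACKER_PAGE = f"""<form id="f" method="POST" action="{SITE_ORIGIN}/donate">
  <input type="hidden" name="recipient" value="attacker-chosen-cause">
  <input type="hidden" name="amount_cents" value="5000">
</form>
<script>document.getElementById("f").submit();</script>"""


def forged_request() -> Request:
    """What the server sees when the victim's browser submits ATTACKER_PAGE."""
    return Request("POST", ATTACKER_ORIGIN, {"session": "sess-donor-1"},
                   {"recipient": "attacker-chosen-cause", "amount_cents": "5000"})


def legitimate_request() -> Request:
    """A donation submitted from the site's own form, token included."""
    return Request("POST", SITE_ORIGIN, {"session": "sess-donor-1"},
                   {"recipient": "donor-chosen-cause", "amount_cents": "2500",
                    "csrf_token": csrf_token("sess-donor-1")})


if __name__ == "__main__":
    print("vulnerable endpoint, forged request:", vulnerable_donate(forged_request()))
    print("hardened endpoint, forged request:  ", hardened_donate(forged_request()))
    print("hardened endpoint, legitimate:      ", hardened_donate(legitimate_request()))
```

The two checks are deliberately independent: a forged request that arrives without an Origin header (older browsers, or some intermediaries stripping it) still fails the token comparison, because the attacker's page can trigger a POST with the victim's cookies but cannot read the token out of the site's own form. Marking the session cookie `SameSite=Lax` or `Strict` is a further, browser-enforced layer, but it is not a substitute for the server-side token.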