

The bug that let me tweet from any Twitter account - JosephRedfern
https://henryhoggard.co.uk/?p=24

======
SlashmanX
> Although the page does provide an authenticity token aimed at preventing
> CSRF, it does not seem to validate that the token is correct, and therefore,
> we can enter any value.

That is just damning. No way should that have been overlooked.
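The flaw in the quoted passage, shown as an added example that is not part of this thread or of Twitter's code: a handler that only checks the token field is present, beside one that compares it to the token bound to the session. The field name `authenticity_token`, the HMAC-based token derivation, and the session identifiers are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-process secret; a real deployment would load a managed key.
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id: str) -> str:
    """Derive the token the server embeds in the form for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def accepts_presence_only(session_id: str, form: dict) -> bool:
    """Flawed check: the field only has to exist, so any value passes."""
    return bool(form.get("authenticity_token"))


def accepts_validated(session_id: str, form: dict) -> bool:
    """Hardened check: the submitted value must equal this session's token."""
    submitted = form.get("authenticity_token")
    if not isinstance(submitted, str) or not submitted:
        return False
    expected = issue_token(session_id)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(submitted.encode(), expected.encode())


def run_cases() -> dict:
    """Return (flawed_result, hardened_result) for constructed form posts."""
    session = "session-a"        # constructed session identifiers
    other_session = "session-b"
    cases = {
        "genuine": {"authenticity_token": issue_token(session)},
        "arbitrary": {"authenticity_token": "anything"},
        "other_session": {"authenticity_token": issue_token(other_session)},
        "missing": {},
    }
    return {
        name: (accepts_presence_only(session, form), accepts_validated(session, form))
        for name, form in cases.items()
    }


if __name__ == "__main__":
    for name, result in run_cases().items():
        print(name, result)
```

The cases where the two checks disagree (an arbitrary value, a token issued to a different session) are the ones a regression test for this class of bug should cover.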

