I once "participated" in a photo contest where you could vote for the winner. The voting url didn't have CSRF protection and you could place your vote with a GET request.
I changed my avatar on all my forum accounts to a php script that redirected to that url on the first hit. Second hit it would show my normal avatar.
I got second place. Probably someone else figured out the same trick haha
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I once "participated" in a photo contest where you could vote for the winner. The voting url didn't have CSRF protection and you could place your vote with a GET request.
I changed my avatar on all my forum accounts to a php script that redirected to that url on the first hit. Second hit it would show my normal avatar.
I got second place. Probably someone else figured out the same trick haha