A cross-site request forgery (CSRF) vulnerability in Reddit forced users to view adult content.
The medium severity security bug disabled the option to turn on certain settings, meaning that any user who has opted to restrict adult content could instead be directed towards it by malicious hackers.
A bug report reads: “A state-changing POST request to https://old.reddit.com/over18? lacked proper modhash validator leaving the sensitive action vulnerable to CSRF attacks. An attacker can trick users into executing the action, enabling/disabling ‘I am over eighteen years old’ and willing to view adult content preference in the victim account.”
The reproduction steps begin with a victim creating a Reddit account, navigating to https://old.reddit.com/prefs/ and turning off the option declaring the user is over 18 years old and willing to view adult content.
Next, the user visits the ‘not safe for work’ (NSFW) subreddit https://www.reddit.com/r/<nsfw_subreddit_here> where there is a window asking if the user wants to see adult content.
If they then open a crafted HTML file of malicious content, their settings will be updated and they will, unwittingly, be able to view NSFW content.
The issue was patched and the security researcher received a $500 bug bounty reward for reporting it.
More technical details can be found in the HackerOne write-up.
Source: https://portswigger.net/daily-swig/reddit-patches-csrf-vulnerability-that-forced-users-to-view-nsfw-content