Mediafire CSRF - Delete someone's account by sending them a link
Obviously, you must be logged in for this exploit to work.
How could this be used?
- You can delete anyone's account by embedding the webpage in an iFrame
- You can shorten the link using a service like bit.ly or do a simple redirection (the iFrame method is recommended, however, as they will not see a confirmation page if you make it 1px by 1px)
Use your imagination, it's very useful if you want to get back at someone.
What happens with the account?
It's gone. Literally gone. If they ask the Mediafire staff to get it back, they might be able to recover it, but they won't even be able to log in, as the account is deleted. It will say the account doesn't exist when they try to log in.
Well, how do I prevent my account from being deleted?
If you use Firefox, please block the specific URL as stated above. Otherwise, be careful with URL shortening and use common sense when clicking links.
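
On the site's side, the fix belongs in the delete handler itself. The sketch below is an added example, not Mediafire's code and not part of the original post: it puts a handler that deletes on any authenticated page load (the pattern this post implies) next to a hardened one. The origin, the function names and the set of session ids standing in for an account store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (constructed)
TRUSTED_ORIGIN = "https://files.example"  # placeholder origin, not Mediafire's

# Sent on every response so the page cannot be rendered inside a third-party frame.
ANTI_FRAMING = {"X-Frame-Options": "DENY",
                "Content-Security-Policy": "frame-ancestors 'none'"}


def csrf_token(session_id: str) -> str:
    """Token bound to the session; the site embeds it in its own delete form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def delete_account_weak(method, headers, session_id, form, accounts):
    """Weak pattern: a valid session cookie on any request is enough."""
    if session_id in accounts:
        accounts.discard(session_id)
        return 200, {}
    return 401, {}


def delete_account_hardened(method, headers, session_id, form, accounts):
    """Same action, refused unless the request came from the site's own form."""
    if session_id not in accounts:
        return 401, ANTI_FRAMING
    if method != "POST":                         # a link or iframe load is a GET
        return 405, ANTI_FRAMING
    if headers.get("Origin") != TRUSTED_ORIGIN:  # cross-site posts carry a foreign Origin
        return 403, ANTI_FRAMING
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, csrf_token(session_id).encode()):
        return 403, ANTI_FRAMING
    accounts.discard(session_id)
    return 200, ANTI_FRAMING
```

Marking the session cookie SameSite and asking for the password again before deletion are further layers on top of these checks.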