top | item 22716731

(no title)

itsnotlupus | 6 years ago

There's a csrf token set in a php session that's hard to guess that needs to be provided in form data, yes.

Probably difficult to exploit that way without first finding another bug to retrieve that token from a random origin.

discuss

No comments yet.