This issue is really important as any site can upload/delete/create files if a user is logged in.
If you visit my example attack page: https://file.webwevers.nl/c1123d5439d61c7a7821367bdf6da93f.html, and happen to be logged in on the file manager, it will create the file CSRFShouldBeFixed in /www/. This is just file creation, but a attacker could also delete files or entire directories with this attack. This issue can be fixed very easily however, by just creating a CSRF token on login / on page load, and then storing it in the session:
CSRF protection missing on sensitive authenticated actions.
The text was updated successfully, but these errors were encountered: