Hello. I want to report it has CSRF issue in admin pages.
When attacker induce authenticated admin user to a malicious web page, the account will be created without admin user's intention.
Here is how to reproduce the issue.
1. Login to admin page.(/admin)
2. Keep login and access the html it has following content
Hello. I want to report it has CSRF issue in admin pages.
When attacker induce authenticated admin user to a malicious web page, the account will be created without admin user's intention.
Here is how to reproduce the issue.
1. Login to admin page.(/admin)
2. Keep login and access the html it has following content
test1is created without admin user's intention.The text was updated successfully, but these errors were encountered: