When the super administrator is logged in, there are two important POST methods without CSRF protection, which can change his username and password and the prices of goods respectively. This can be achieved by tricking the super administrator into opening the two pages while he is logged in.
poc1 (Change the username and the password)
poc2 (Change the price of goods)
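For the maintainers' side, the fix for both endpoints is the same: a state-changing POST must carry a per-session synchronizer token and should arrive from the application's own origin, so a forged page on another site (which the browser will still send the admin's cookies with) is rejected. The check below is an added illustration written for this report, not code from the affected project; the request shape (method, headers, session, form), the `ALLOWED_ORIGIN` value and the `csrf_token` field name are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the admin panel is served from this single origin.
ALLOWED_ORIGIN = "https://shop.example"
# Methods that must never change state and therefore need no token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def new_csrf_token() -> str:
    """Create a per-session synchronizer token.

    Store it server-side in the session and render it into every
    state-changing form as a hidden field named 'csrf_token' (assumed name).
    """
    return secrets.token_urlsafe(32)


def _same_origin(url: str) -> bool:
    """True if the scheme+host(+port) of `url` equals ALLOWED_ORIGIN."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def csrf_check(method: str, headers: dict, session: dict, form: dict) -> tuple[bool, str]:
    """Decide whether a request may proceed. Returns (ok, reason).

    `headers` are the request headers, `session` is the server-side session
    of the authenticated admin (selected by the cookie the browser attached),
    `form` is the parsed POST body.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"

    # Defence 1: Origin (falling back to Referer) must be our own site.
    # Browsers always send Origin on cross-site POSTs, so a forged page on
    # another host cannot pass this branch. With neither header we reject;
    # relax this only if legitimate clients are known to strip Referer.
    source = headers.get("Origin") or headers.get("Referer") or ""
    if not source or not _same_origin(source):
        return False, "cross-origin request"

    # Defence 2: the submitted token must match the one bound to this session.
    # Constant-time compare avoids leaking the token through timing.
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid CSRF token"

    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: a legitimate admin form submission versus the
    # report's scenario (the admin's browser submits a form from a foreign page,
    # cookies attached, but with no token and a foreign Origin).
    session = {"csrf_token": new_csrf_token()}
    legit = csrf_check("POST", {"Origin": ALLOWED_ORIGIN}, session,
                       {"username": "admin", "csrf_token": session["csrf_token"]})
    forged = csrf_check("POST", {"Origin": "https://other.example"}, session,
                        {"username": "admin"})
    print("legitimate:", legit)
    print("forged:    ", forged)
```

Both defences are deliberately kept: the origin check alone cannot protect a site that also allows user-controlled content on its own origin, and the token check alone is undermined if the token ever leaks; together they cover each other's gap. The check has to be applied to every state-changing endpoint, not only the two named in the report.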