Two CSRF vulnerabilities that can change the super administrator's username, password and the prices of goods #1
When the super administrator is logged in, there are two important POST methods without CSRF protection which can change his username, password and the prices of goods respectively. This can be achieved by tricking the super administrator into opening the 2 pages while he is logged in.
poc1 (Change the username and the password)
poc2 (Change the price of goods)
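An added example, not taken from the issue or from the project's code, of the protection the report says is missing: a session-bound CSRF token checked on both state-changing POST routes before anything is written. The route paths, form field names, session store and in-memory state are hypothetical stand-ins for the application's own.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)

# Constructed stand-ins for the application's session store and database.
SESSIONS = {"sess-abc": "superadmin"}
STATE = {"admin_name": "admin", "price": {"item-1": 100}}


def issue_csrf_token(session_id):
    """Token bound to one session; rendered as a hidden field in the admin forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_ok(session_id, submitted):
    """Constant-time check that the submitted token belongs to this session."""
    if not submitted:
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_post(path, cookies, form):
    """Return an HTTP status; no state changes unless the token validates."""
    sid = cookies.get("session", "")
    if SESSIONS.get(sid) != "superadmin":
        return 401
    # A cross-site form still carries the session cookie, but the page that
    # built it cannot read the token, so the request stops here.
    if not csrf_ok(sid, form.get("csrf_token")):
        return 403
    try:
        if path == "/admin/account":      # hypothetical route
            STATE["admin_name"] = form["username"]
            return 200
        if path == "/admin/price":        # hypothetical route
            STATE["price"][form["item"]] = int(form["price"])
            return 200
    except (KeyError, ValueError):
        return 400
    return 404
```

The check runs before route dispatch, so any state-changing route added later is covered by the same token requirement.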