A CSRF attack leverages the admin being logged in and exploits it by tricking them into clicking a link to perform a given action. In this case, if the admin clicks that link, they are logged in, and the form they are clicking will add a new admin user that the attacker prompted. More info: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
After the administrator has logged in, open the following page to add an administrator.
POC: