Cross-Site Request Forgery

# Description
The administrative `/api/users` registration endpoint is vulnerable to Cross-Site Request Forgery (CSRF) because it performs no anti-CSRF token verification. A request to it is accepted on the strength of the administrator's session alone, which the browser attaches automatically to cross-site requests, so any site the administrator visits can create accounts on their behalf.

# Proof of Concept
1. An authenticated administrator visits an attacker-controlled website, in this case the PoC file.
2. When the page loads, it submits a request to `/api/users` and a new account is created with attacker-chosen credentials, without any further interaction from the administrator.