|
|
|
|
|
|
by itsnotlupus
2273 days ago
|
|
|
There's a csrf token set in a php session that's hard to guess that needs to be provided in form data, yes. Probably difficult to exploit that way without first finding another bug to retrieve that token from a random origin. |
|
|