✍️ Description

$_SESSION["token"] is a csrf token which is a md5 hash generated based on system time.

It has been discovered that $_SESSION["token"] compares with $_GET["token"] using comparison operator != in file index.php. This might cause unexpected behavior due to type juggling.

It is possible to bypass the CSRF token by using magic hash attack, and leveraged to perform CSRF attack.

Remediation

Use !== instead.