$_SESSION["token"] is a CSRF token: an MD5 hash generated from the system time. It has been discovered that in the file index.php, $_SESSION["token"] is compared against $_GET["token"] using the loose comparison operator != . This can cause unexpected behavior due to PHP type juggling: it is possible to bypass the CSRF token check with a magic hash attack, which can then be leveraged to perform a CSRF attack. Use the strict operator !== instead.
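The loose check described above beside a hardened replacement, as an added example that is not the project's own code from index.php; the session and request values are simulated with constructed strings, and the hash_equals()/random_bytes() calls assume PHP 7 or later.

```php
<?php
// Added example, not the original index.php: simulate the two token values
// that the page says are compared with != .

function token_check_loose(string $sessionToken, string $requestToken): bool
{
    // Vulnerable pattern from the page: != is a loose comparison. When both
    // operands are numeric strings, PHP compares them as numbers, so two
    // different strings of the form "0e<digits>" both evaluate to 0 and the
    // check passes even though the tokens are not identical.
    if ($sessionToken != $requestToken) {
        return false;
    }
    return true;
}

function token_check_strict(string $sessionToken, string $requestToken): bool
{
    // Hardened form: hash_equals() does a strict, length-aware, timing-safe
    // byte comparison and never applies numeric conversion. A plain
    // $sessionToken !== $requestToken also avoids the type juggling.
    return hash_equals($sessionToken, $requestToken);
}

// Constructed sample values showing the type-juggling case (not real hashes).
$stored  = '0e123';
$request = '0e456';

var_dump(token_check_loose($stored, $request));   // bool(true): bypass accepted
var_dump(token_check_strict($stored, $request));  // bool(false): rejected

// Defensive note: a token derived from the system time is predictable.
// Deriving it from CSPRNG output instead removes that weakness (assumption:
// PHP >= 7 for random_bytes()).
$freshToken = bin2hex(random_bytes(32));
var_dump(strlen($freshToken) === 64);             // bool(true)
```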