Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description csrf bug to mass delete client 🕵️♂️ Proof of Concept bellow request is vulnerable to csrf attack. here csrf token checking, no refferrer checking . There is nothing to prevent csrf attack . POST /online-invoicing-system/app/clientsview.php HTTP/1.1 Host: localhost User-Agent:...