Mail.ru: [cfire.mail.ru] CSRF Bypassed - Changing anyone's 'User Info'

Hi, I noticed that when we change userinfo of https://cfire.mail.ru from here: https://cfire.mail.ru/account/userinfo, there are two Anti-CSRF tokens or you can say that; they just do the work of Anti-CSRF token: - signature - submit2 Actually, I was able to bypass both Anti-CSRF tokens, and afte...