Hello. I want to report that there is a CSRF issue in the admin pages.
When an attacker induces an authenticated admin user to visit a malicious web page, an account will be created without the admin user's intention.
Here is how to reproduce the issue.
Log in to the admin page (/admin).
Stay logged in and access an HTML page that has the following content:
test1 is created without the admin user's intention.