There's cross-site request forgery (CSRF) protection, but how good is it?

Medium Cross Site Request Forgery (CSRF)

Can you successfully force the admin password to be updated via CSRF? This means you must be on YOUR site and be able to force the data to be updated successfully.

The CSRF token generated is unique to your session, so you must be able to send anyone a proof of concept and force the admin password to be changed.
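For reference, this is what a correctly enforced per-session CSRF token looks like on the server side, so you know what the protection is supposed to do before you judge how good this one is. It is an added example, not code from the challenge application; the in-memory session store, the site origin `https://app.example`, and the form field names `user_token`, `password_new` and `password_conf` are all assumptions made here for illustration.

```python
import hmac
import secrets
from typing import Optional

# Constructed in-memory session store standing in for a real server-side
# session backend (assumption: one CSRF token minted per session at login).
SESSIONS: dict[str, dict] = {}


def new_session() -> str:
    """Create a session and mint a CSRF token bound to that session only."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"csrf_token": secrets.token_urlsafe(32), "user": "admin"}
    return session_id


def csrf_token_for(session_id: str) -> str:
    """The token the server embeds in the password-change form for this session."""
    return SESSIONS[session_id]["csrf_token"]


def validate_csrf(session_id: str, submitted_token: Optional[str],
                  origin: Optional[str], site_origin: str) -> tuple[bool, str]:
    """Return (ok, reason); ok is True only when every check passes."""
    session = SESSIONS.get(session_id)
    if session is None:
        return False, "no session"
    if not submitted_token:
        return False, "missing token"
    # Compare against the token bound to THIS session, in constant time, so a
    # token obtained from some other session is never accepted for this one.
    if not hmac.compare_digest(session["csrf_token"], submitted_token):
        return False, "token mismatch"
    # Defence in depth: the browser-supplied Origin header must be our own site.
    if origin is None or origin != site_origin:
        return False, "bad origin"
    return True, "ok"


def change_password(session_id: str, form: dict, headers: dict,
                    site_origin: str = "https://app.example") -> dict:
    """Password-change handler (assumed field names): refuse unless the
    request carries the token that belongs to the caller's own session."""
    ok, reason = validate_csrf(session_id, form.get("user_token"),
                               headers.get("Origin"), site_origin)
    if not ok:
        return {"status": 403, "reason": reason}
    if form.get("password_new") != form.get("password_conf"):
        return {"status": 400, "reason": "passwords differ"}
    SESSIONS[session_id]["password"] = form["password_new"]
    return {"status": 200, "reason": "changed"}


if __name__ == "__main__":
    sid = new_session()
    own = change_password(sid, {"user_token": csrf_token_for(sid),
                                "password_new": "n3w", "password_conf": "n3w"},
                          {"Origin": "https://app.example"})
    foreign = change_password(sid, {"password_new": "n3w", "password_conf": "n3w"},
                              {"Origin": "https://other.example"})
    print(own, foreign)
```

The two properties worth checking when you assess a real implementation are exactly the ones this handler enforces: the token is tied to the session that submits it (not merely present and well-formed), and the comparison happens before any state changes.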

Solution