Risk: Sessions and cookies may be stolen or manipulated, which may be used to impersonate a legitimate user, allowing a hacker to view or alter user records and perform transactions as that user

Cause: The authentication method used by the application is insufficient

Fixed value: Validate the value of the "Referer" header and use a one-time-nonce for each submitted form

Reasoning: The test results appear to indicate a vulnerability, as the test response is identical to the original response, which indicates that the cross-site request forgery attempt was successful despite having a fictitious "Referer" header.

Dear masters, how do I solve this kind of problem?
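
One way to implement the fix the report recommends, as an added example that is not part of the original post or the scanner's output: a framework-independent check that validates the "Referer" host and consumes a one-time nonce per submitted form. The host name, session ids and in-memory nonce store are assumptions made for the illustration.

```python
import secrets
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.test"}  # assumption: the application's own host name
_unused = {}  # session_id -> set of nonces not yet submitted (in-memory store for the demo)


def issue_form_token(session_id):
    """Create a one-time nonce for one rendered form and bind it to the session."""
    nonce = secrets.token_urlsafe(16)
    _unused.setdefault(session_id, set()).add(nonce)
    return nonce  # embed this in a hidden form field


def referer_ok(headers):
    """Accept only a Referer whose exact host is ours; a missing header is rejected."""
    referer = headers.get("Referer")
    if not referer:
        return False
    parts = urlsplit(referer)
    # Compare the parsed host, never a substring or prefix of the raw header.
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def check_request(session_id, headers, form_token):
    """Return (ok, reason) for a state-changing request such as a form POST."""
    if not referer_ok(headers):
        return False, "bad referer"
    pending = _unused.get(session_id, set())
    if not form_token or form_token not in pending:
        return False, "token reused or unknown"
    pending.discard(form_token)  # one-time: a replay of the same form fails
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests mirroring the scanner's test: same form, fictitious Referer.
    token = issue_form_token("sess-1")
    fake = {"Referer": "https://fictitious.example.invalid/page"}
    good = {"Referer": "https://app.example.test/profile/edit"}
    print(check_request("sess-1", fake, token))  # rejected before the nonce is consumed
    print(check_request("sess-1", good, token))  # accepted
    print(check_request("sess-1", good, token))  # replay rejected
```

With both checks in place, the scanner's replayed request no longer gets a response identical to the original, because it fails on the fictitious "Referer" and, if that header were forged correctly, on the missing or already used nonce.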