AppScan scans system vulnerabilities - cross-site request forgery
老文仔 2018-11-15 17:41:11

Risk: Sessions and cookies may be stolen or manipulated, which may be used to impersonate a legitimate user, allowing a hacker to view or alter user records and perform transactions as that user

Cause: The authentication method used by the application is insufficient

Fixed value: Validate the value of the "Referer" header and use a one-time-nonce for each submitted form

Reasoning: The test results appear to indicate a vulnerability, as the test response is identical to the original response, which indicates that the cross-site request forgery attempt was successful despite having a fictitious "Referer" header.

Dear masters, how do I solve this kind of problem?

reply all (0)
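The two checks named in the scanner's fix text (validate the "Referer" header, use a one-time nonce per submitted form), as an added example that is not part of the original post or of AppScan's output. The post does not name the application's stack, so this is framework-neutral Python; the function names, the `csrf_nonce` field, the `session` dict and the `app.example.test` origin are all assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: scheme and host the application is served from (constructed value).
TRUSTED_ORIGIN = ("https", "app.example.test")
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_nonce(session: dict) -> str:
    """Create a one-time nonce, store it in the server-side session and
    return it for embedding in a hidden form field."""
    nonce = secrets.token_urlsafe(32)
    session.setdefault("csrf_nonces", set()).add(nonce)
    return nonce


def referer_is_trusted(headers: dict) -> bool:
    """Accept only an Origin/Referer whose scheme and host equal ours.
    A missing header is rejected, and the host is compared exactly
    instead of by prefix or substring."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return (parts.scheme, parts.hostname) == TRUSTED_ORIGIN


def consume_nonce(session: dict, submitted: str) -> bool:
    """Constant-time comparison against the stored nonces; a matching
    nonce is removed so the same value cannot be replayed."""
    stored = session.get("csrf_nonces", set())
    for candidate in stored:
        if hmac.compare_digest(candidate.encode(), str(submitted).encode()):
            stored.discard(candidate)
            return True
    return False


def check_request(session: dict, method: str, headers: dict, form: dict) -> tuple:
    """Return (allowed, reason) for one incoming request."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    if not referer_is_trusted(headers):
        return False, "untrusted or missing Referer/Origin"
    if not consume_nonce(session, form.get("csrf_nonce", "")):
        return False, "missing, wrong or reused nonce"
    return True, "ok"
```

With both checks in place, a request carrying a fictitious "Referer" is rejected before the form is processed, so the scanner's test response no longer matches the original response.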