Cross-site Request Forgery
A Cross-site Request Forgery (CSRF) attack lets one website trigger actions on another site through the browser of a user who is logged in there, because the forged request carries that user's session cookie without the user intending to send it.
You can simulate a CSRF vulnerability by having two Joomla! installations in your local development environment, both with com_folio installed. Let's assume your sites are http://localhost/joomla3 and http://localhost/joomlatest.
On your Joomla! 3 site, edit updfolio.php, located under /components/com_folio/controllers, and add the following. This function is copied from form.php, located under /libraries/legacy/controller, which contains the parent class that this controller inherits from. Note the changes from the original class: we have commented out the checkToken call and some of the access checking.
public function save($key = null, $urlVar = null)
{
    // Check for request forgeries.
    // The token check is deliberately disabled here to reproduce the CSRF flaw;
    // in the original form.php this line rejects any POST without a valid token.
    //JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
    $app = JFactory::getApplication();
    $lang = JFactory::getLanguage();
    $model = $this->getModel...
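To make the effect of that commented-out line concrete, here is an added stand-alone PHP example (not from the book and not Joomla core code). It uses plain arrays in place of the real session store and POST data, a simplified token field named `token` rather than Joomla's actual hidden-field layout, and two controller variants: one with the token check disabled as on the page above, one with it enforced. The function names `issueToken`, `checkToken`, `saveUnprotected` and `saveProtected` are assumptions for this demo.

```php
<?php
// Added example, not from the book or from Joomla. $session and $request are
// plain arrays standing in for the server-side session and the submitted POST
// data; the layout of both is an assumption made for this demo.

declare(strict_types=1);

// Issue a per-session anti-CSRF token (done once when the session starts).
function issueToken(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(16));
    return $session['csrf_token'];
}

// Simplified stand-in for JSession::checkToken(): true only when the request
// carries the token stored in the session. hash_equals() compares in constant
// time so the comparison itself leaks nothing about the stored value.
function checkToken(array $session, array $request): bool
{
    if (!isset($session['csrf_token'], $request['token'])) {
        return false;
    }
    return hash_equals($session['csrf_token'], (string) $request['token']);
}

// Controller with the token check commented out, as on the page above:
// every POST arriving with a valid session cookie is saved.
function saveUnprotected(array $session, array $request): string
{
    // JSession::checkToken() or jexit(...);  <-- disabled
    return 'saved: ' . $request['title'];
}

// Controller with the check enforced: a forged cross-site POST is rejected
// before any model or access-control logic runs.
function saveProtected(array $session, array $request): string
{
    if (!checkToken($session, $request)) {
        return 'JINVALID_TOKEN';
    }
    return 'saved: ' . $request['title'];
}

// Constructed scenario: the user is logged in on site A (joomla3).
$session = [];
$token   = issueToken($session);

// A form rendered by site A itself embeds the token; in Joomla the
// JHtml::_('form.token') helper emits that hidden field.
$legitPost = ['title' => 'My folio', 'token' => $token];

// A form on site B (joomlatest) is submitted with the user's site A cookie,
// but site B cannot read site A's token, so the field is missing or wrong.
$forgedPost = ['title' => 'Changed from site B', 'token' => 'wrong-guess'];

printf("unprotected / legitimate: %s\n", saveUnprotected($session, $legitPost));
printf("unprotected / forged:     %s\n", saveUnprotected($session, $forgedPost));
printf("protected   / legitimate: %s\n", saveProtected($session, $legitPost));
printf("protected   / forged:     %s\n", saveProtected($session, $forgedPost));
```

Run it with `php` from the command line. The unprotected variant accepts both posts, because the session cookie alone is all it checks; the protected variant accepts only the post that carries the token the site itself issued, which is exactly what the `JSession::checkToken()` line in form.php provides and what commenting it out removes.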