if the stage 1 exploit was non interactive then this can be used to obtain administrator interaction by her clicking on the link to change their password. Note to check the source code of the change email page for any additional form id values.
source code
Last updated 1 year ago
