Exploiting CSRF against search with Lucene | Dark Hacker News