miko550 / CVE-2023-32315

Openfire Console Authentication Bypass Vulnerability with RCE plugin

openfire 4.0.3 not returning CSRF token

Fr0gZero opened this issue

Good Afternoon,

The Openfire 4.0.3 instance that I have does not return a CSRF token from the login page.

The LFI seems to still be present, as the following URL still returns the logs: /setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp

Any guidance on how to retrieve the CSRF token for this version?

Thank you