Created by: asanso
Problem AEM hacker doesn't report
It's possible to create new JCR nodes using POST Servlet as "admin:admin" user in the CreateJCRNodes due the CSRF filter blocking this request.
Solution change the user agent to curl. I fixed the obvious cases but it might need more changes