Web - Client
Tuesday 12 September 2023, 13:41 #1
Web - Client | csrf 0 protection
Hi!
While working on this challenge i found that i can inject scripts in the comment tab, than i learnd about csrf and how it works soo i created a payload.
but it doesnt work.
i tryed in local host....worked fine.
i even sent the admins html page to a webhook to see if it has syntax errors after the injections...seemed fine.
i injected the this same form but edited so that the action atrib points to my webhook...the webhook got the POST request with all the data in the body.
So my mistake is around the calling of the ?action=contact endpoint as the form and the auto submit script works fine.
My guys i dont have any other idea that can go wrong here...
Can you guys help pls.