Web - Client
Thursday 29 March 2018, 20:53 #1
Web - Client 0 protection
Hi (:
I’ve try to send payload in contact page. my payload include script, src. src attribute is redirected to my remote server (html code) and my html codes includes body, onload, submit and form but it doesnt work. My strategy is like this: first admin read my comment, comment include hidden script then running and redirect my malicious html site, in html form action="http://challenge01.root-me.org/web-client/ch22/index.php?action=profile" and then all inputs fill automatically then send with body onload method.
I tested html code myself and I get "You’re not an admin!" error. I need little hint too ):
Thanks All