Web - Client

Hi,

I’m in the Web - Client CSRF 0 Protection challenge
I implemented the solution which is a url that should do the attack. I checked myself and it seems to work locally, but i cannot get the admin to check it.
I even put some xss to check that the admin is opening the url, but i havent received anything back in my server.

Is it possible that the admin (or the process) is not checking the messages??

Thanks!

No. There is something wrong with your script