Web - Client

Sunday 27 May 2018, 20:54  #1
Web - Client CSRF token bypass
maddo
maddo
  • 3 posts

I tried iframes through contact form and search input to use admin token , but no luck so far. Am I in the right direction ?

Monday 28 May 2018, 20:32  #2
Web - Client CSRF token bypass
Th1b4ud
Th1b4ud
  • 1636 posts

Yes you can use iframe. Just try harder ;)

Wednesday 30 May 2018, 17:20  #3
Web - Client CSRF token bypass
maddo
maddo
  • 3 posts

I think something is not right. I managed to get the token and ran the code in admin browser, But my account is still not validated  🙄

Friday 1 June 2018, 13:28  #4
Web - Client CSRF token bypass
maddo
maddo
  • 3 posts

Mission accomplished  😄

Thursday 21 February 2019, 08:15  #5
Web - Client CSRF token bypass
Only-one
Only-one
  • 8 posts

Hi, even though I pass this challenge, I wonder when I create a form in HTML, use script to get token then pass it to form’s token and auto submit form by script; this solution not work. When I use script only, no HTML form, it work.

New reply New reply   New topic New topic