Web - Client

Tuesday 14 February 2017, 18:08  #1
Web - Client CSRF 0 Protection
ranch
  • 3 posts

maybe a spoiler?

Hey, just a little confused here. I know I need to forge the PHP session ID of the admin in order to get my form to have the correct permissions, but am I supposed to use an XSS vulnerability to get that? I tried my solution to the previous challenge (XSS stored 1) on this one just to see if it worked, but nothing happened. However, I am not sure if I did not wait long enough for the admin bot to receive my code. Am I on the right track at least?

Wednesday 15 March 2017, 19:31  #2
NickT
  • 1 posts

I might be wrong, but it seems like either the challenge is harder than "0 protection" or "admin" never comes to execute JS / trigger resource loading.

Saturday 8 April 2017, 18:10  #3
Constaintine
  • 12 posts

Does anyone have ideas?

Monday 10 April 2017, 12:32  #4
Defte
  • 65 posts

Hello, you don’t need XSS to solve this ^^
But yes, you have to do something so that the administrator validates the upgrade ^^

Wednesday 26 April 2017, 20:07  #5
zyaya
  • 1 posts

I manage to have the admin running my code... but the account is not activated... can’t understand why

Thursday 27 April 2017, 11:40  #6
Defte
  • 65 posts

Well, if it doesn’t work you should check your code again or the way you submit it ;)

Thursday 27 April 2017, 13:44  #7
Naredner
  • 1 posts

Hey, can you give me a hint on how to get my code executed by the admin?

Sunday 28 May 2017, 02:11  #8
sat3007
  • 1 posts

Send your JavaScript code from Contact and use the onload method.