Web - Client
Tuesday 14 February 2017, 18:08 #1
Web - Client CSRF 0 Protection
maybe a spoiler?
Hey, just a little confused here. I know I need to forge the php session id of the admin in order to get my form to have the correct permissions, but am I supposed to use an xss vulnerability to get that? I tried my solution to the previous challenge (xss stored 1) on this one just to see if it worked but nothing happened. however, I am not sure if I did not wait long enough for the admin bot to recieve my code. am I on the right track at least?
Saturday 8 April 2017, 18:10 #3
Web - Client CSRF 0 Protection
Has anyone ideas?