Forum Discussion

Bronze II

7 months ago

Solved

Help with Cross Site Request Forgery (Twooter)

Hi folks, I'm having a hard time getting past the Cross Site Request Forgery lab - specifically I'm not sure what sort of payload I can use to obtain the username of the scraper. I can get their I...

challenges

help & support

immersive labs

barney
7 months ago
Oh OK. You don't need to try and send anything back to your kali box - just craft a link that when clicked will send a message to the message board.

barney

Bronze III

7 months ago

Don't overthink it.

You'll observe that when a user submits a twoot their username is displayed along with the message.

So, if you can submit a payload that replicates submitting a twoot, the username of anyone who interacts with it should be displayed.

Forum Discussion

Help with Cross Site Request Forgery (Twooter)

Featured Places

Help

Related Content

Server-Side Request Forgery

Server-Side Request Forgery Web App Hacking

Server-Side Request Forgery Q6 & Q7

SSRF Challenge

Snort Rules: Ep.9 – Exploit Kits

Recent Discussions

Microsoft Sentinel SOAR: Demonstrate Your Skills Question 11

APT29 Threat Hunting with Splunk: Demonstrate Your Skills - Question 10

Microsoft Sentinel SOAR: Demonstrate Your Skills

Threat Actors: Salt Typhoon – SNAPPYBEE Campaign Analysis - Question 7

Ethereum: The Blockchain, Transactions, and Explorers