
Having issue signing into the "Basic Clickjacking with CSRF token protection" lab

Phil Sohn Jan 06, 2020 09:17PM UTC

I'm unable to even start the lab (https://portswigger.net/web-security/clickjacking/lab-basic-csrf-protected).

The provided credentials, carlos/montoya, do not work for me. Any ideas?


Ben Wright Jan 07, 2020 09:04AM UTC Support Center agent

Hi,

I have just checked this lab and the credentials are working fine for me. Have you accidentally deleted the carlos/montoya account during the course of the lab?


Phil Sohn Jan 07, 2020 02:52PM UTC
That was precisely it. I must have unknowingly clicked on Delete at some point. I'm now able to sign in but once I store the HTML and "View exploit", the Test Me button is not loading properly. Here is what I'm getting, https://imgur.com/a/7dUgtRs.

Any assistance would be awesome.

Hannah Law Jan 07, 2020 03:01PM UTC Support Center agent

What values are you using for width and height? Have you tried adjusting the width, height, top and left values?


Phil Sohn Jan 07, 2020 03:09PM UTC
This is what I have as far as the params.

<style>
iframe {
position:relative;
width:$ 500px;
height: $ 700px;
opacity: $opacity;
z-index: 0.0001;
}
div {
position:absolute;
top:$ 320px;
left:$ 60px;
z-index: 1;

}
</style>
<div>Click me</div>
<iframe src="https://ac061faa1f6cc0c280ac415e00f80099.web-security-academy.net/account"></iframe>

Hannah Law Jan 07, 2020 03:17PM UTC Support Center agent

To start with, you will need to remove all the dollar signs that are present in your code.

Your first z-index will need to be changed back to 2.

You will need to change $opacity to an actual value. The suggested initial value is 0.1.

Additionally, the victim will be using Chrome, so if you aren’t already, you should be testing using that browser.

Please let me know if these steps do not resolve your issue.


Phil Sohn Jan 07, 2020 03:33PM UTC
Tyvm Hannah,

Idk how the HTML code was so butchered lol. Appreciate the help!

Hannah Law Jan 07, 2020 04:03PM UTC Support Center agent

No problem. Enjoy the rest of the labs!

