Skip to content

XSS - Update Topic 2 #23

@eric56379

Description

@eric56379

If a student changes the hidden input field within "inspect element" to "Hacker", this allows them to access Hacker's account without even doing XSS. Change the logic of how this form handles submissions so that it will not redirect based on the authentication token from the form.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions