-
-
Save The-XSS-Rat/1c9393be1afff46b198f7aad91608752 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| session_start(); | |
| include 'instructions.php'; | |
| if (empty($_SESSION['token'])) { | |
| $_SESSION['token'] = bin2hex(random_bytes(32)); | |
| } | |
| $token = $_SESSION['token']; | |
| if (!empty($_POST['token'])) { | |
| if (str_contains($_SESSION['token'],$_POST['token'])) { | |
| echo "CSRF token verified"; | |
| } else { | |
| echo "Nope"; | |
| } | |
| } | |
| ?> | |
| <h1>Which of these forms has an issue with the CSRF token? </h1> | |
| <form action="i20.php" method="POST"> | |
| <div> | |
| <label for="say">What greeting do you want to say?</label> | |
| <input name="say" id="say" value="Hi"> | |
| </div> | |
| <div> | |
| <label for="to">Who do you want to say it to?</label> | |
| <input name="to" id="to" value="Mom"> | |
| </div> | |
| <div> | |
| <button>Send my greetings</button> | |
| </div> | |
| </form> | |
| <form action="i20.php" method="POST"> | |
| <div> | |
| <label for="say">do you want to change your email adress?</label> | |
| <input name="say" id="say" value="Hi"> | |
| </div> | |
| <div> | |
| <label for="to">Repeat email?</label> | |
| <input name="to" id="to" value="Mom"> | |
| </div> | |
| <div> | |
| <button>Change my email</button> | |
| </div> | |
| </form> | |
| <form action="i20.php" method="POST"> | |
| <div> | |
| <button>logout</button> | |
| </div> | |
| </form> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment