Cross-Site Request Forgery (CSRF): Manually-created forms in django templates should specify a csrf_token to prevent CSRF attacks #62

@safedep-labs

[6120ffab4a] Cross-Site Request Forgery (CSRF): Manually-created forms in django templates should specify a csrf_token to prevent CSRF attacks

Description

Manually-created forms in django templates should specify a csrf_token to prevent CSRF attacks

Confidence

MEDIUM

Impact

MEDIUM

Code Snippet

<form name="ajax" onsubmit="SendToServer()">
    <label for="comment">Comment Your Thoughts:</label>
    <input id="comment" type="text" name="comment">
    <input type="hidden" id="Url" data-url="{% url 'xxe_parse' %}" />
    <button class="btn btn-info" type="submit">Let the world see</button>
</form>

Path

introduction/templates/Lab/XXE/xxe_lab.html Col: 5, Line: 15, Offset: 381
