[6120ffab4a] Cross-Site Request Forgery (CSRF): Manually-created forms in Django templates should specify a csrf_token to prevent CSRF attacks
Description
Manually-created forms in Django templates should specify a csrf_token to prevent CSRF attacks
Confidence
MEDIUM
Impact
MEDIUM
Code Snippet
<form name="ajax" onsubmit="SendToServer()">
<label for="comment">Comment Your Thoughts:</label>
<input id="comment" type="text" name="comment">
<input type="hidden" id="Url" data-url="{% url 'xxe_parse' %}" />
<button class="btn btn-info" type="submit">Let the world see</button>
</form>
Path
introduction/templates/Lab/XXE/xxe_lab.html Col: 5, Line: 15, Offset: 381