Open RedolentSun opened 6 years ago
reported by @sashalashae
Similar to what was reported with the XSS flags. Any information we could get about what specific circumstances allow recreation would help.
I do believe it has something to do with the session ID. The student had to restart their browser and Burp Suite to be able to see the flag.
CSRF site is giving weird responses. For example, in challenge 8, a student was able to implement the attack, but the flag was not appearing. Another student did the same attack and the flag appeared. CSRF 7-10 are working partially; they will work for one person, but not the other.