Brute forcing login page with epoch time as anti-csrf token [on hold]
Im doing a lab running a php webserver.
Theres an admin page that POSTs “username=foo&password=bar&login-1558201477=”
The “login-(epoch) ” is converted from the http response timestamp as a hidden field.
I’ve tri… Continue reading Brute forcing login page with epoch time as anti-csrf token [on hold]