Challenge 34 of 66
Request Forger
🟠 Hard
Web App
+100 XP
The password change form has no CSRF token. Craft a request that changes the admin's password when the admin visits your page.
Create a form that auto-submits to the change-password endpoint.