Dashboard Articles Playground Discussions More
Follow

Invalid login details

HTTP method

ChristianPA
4 years ago

0

Hey guys,
I have been stuck for a while now… I can make the post request and pass the csrf-token, however i get the error message saying Invalid login details. Which is weird, since they give the password in the page.
I tryed passing the password via html attribute, or with the csrf, but it is still failing me…

Can anyone point me in the right direction?

Thanks

Thread has been resolved, jump to solution
10replies
5voices
743views
1image
wimon
4 years ago | edited 4 years ago

0

Your request does not send a password, check the attributes

ChristianPA
4 years ago

0

@wimon I’m not sure what you mean… I tried passing the password as part of the url or as an attribute but neither seems to work

wimon
4 years ago | reply to #79731

0

for me it was also not worked, so I used method with the web form

Reply has been removed
naraaz
4 years ago

0

Hi ChristianPA, have you included your PHPSESSID in your request?

ChristianPA
4 years ago

0

Hi @naraaz, yes I have :(

I tried many things lol

I tried editing the page html to add a form tag with method post and the action pointing to the page url + csrf-token and then an input tag for the password and one for the submit, as well as trying to put this code in its own .html doc and run it (and many variations on both) but I always get ‘Invalid Login Details’ back

naraaz
4 years ago

1

Christian, you are pretty close, don’t give up!

A good way to understand how the server expects the POST request to be structured would be to look at how another form on the page is submitted. In particular what fields are included.

Salvatore [SalMau]
4 years ago

0

I tried also to inject this in the HTML but I get no answer from the site. I need help too, I’m going to the right way? I would appreciate a lot any advice. Thanks!

#i think that this is wrong

Salvatore [SalMau]
4 years ago

0

Ok I made it, I haven’t noticed that the site doesn’t allow me to past the HTML. It’s easier when you get it, good luck!

wimon
4 years ago | reply to #79763

0

if your problem is relevant

you must use token, but this is not crf-token, you can find it in source ;)

ChristianPA
4 years ago

0

I’m not sure how, but I solved it lol
I think that i had an extra ‘/’ in my url

Discussion thread has been locked. You can no longer add new posts.
1 of 11

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss