Add explanation about forged image
This commit is contained in:
parent
07d9514db3
commit
73881dc6ca
1 changed files with 5 additions and 0 deletions
|
@ -26,3 +26,8 @@ Result:
|
|||
2. Type `<iframe src="javascript:alert('hello')">`
|
||||
|
||||
<!--- ToDo: Insert Picture -->
|
||||
|
||||
## Forged Picture
|
||||
This challenge is impossible due to the `/profile` page only reading the username from POST variables.
|
||||
|
||||
POST variables cannot be set through links and thus can't be set in an `img`-tag's `src` either.
|
||||
|
|
Loading…
Reference in a new issue