>/Ctf_tasks/job_match $
Category: Web
Difficulty: Medium
JobMatch - Where Dreams Meet Opportunities (and Vulnerabilities)
I've stumbled upon this new job matching platform called JobMatch. It's pretty slick: you can accept or reject job offers with a simple click. The developers seem proud of their modern JavaScript-based interface. Surely they've implemented proper security for such sensitive actions, right?
Your goal
Exploit the CSRF vulnerability to make an authenticated user accept a job offer without their knowledge.
The flag will be revealed when the victim user accepts your job application.
Requirements
- A browser
- Basic understanding of HTTP requests and forms
- Knowledge of CSRF attacks
- Creativity in social engineering (or automated exploitation)
Good luck and remember: sometimes clicking "Accept" isn't really your choice. 🎯