Regarding the XSS, you CAN actually test this on the page we have access to, if you change the request method to GET. It may not have been the case when this video was recorded, as I notice some other small differences in the lab since the video came out. What made me try it was the fact that Rana herself uses a GET request to send the XSS payload. Thanks for the videos!
@GilligansTravels 2 years ago
Looking forward to the course!
@GilligansTravels 2 years ago
Reason 4 sold me!
@mackeman1356 2 years ago
Thanks, you did great.
@yazeedsalahat9227 1 year ago
I don't have Burp Suite Pro.
@HassanRaza-ek3mv 1 year ago
Sorry, I could not understand this lab.
@TheBroadwood 2 years ago
Hey Rana, I think that your code to fetch the csrf-token does not work properly. I tested it by sending the csrf token parsed from the HTML response to my Burp Collaborator instead of sending foundXSS=1. I found this out by doing the XSS labs, where I had to extract a csrf token to pass the lab, and I failed using your function.

PoC:

(1) Your text.match(/csrf" value="([^"]+)"/) function with xss_vector = '">'; leads to a request to the collaborator: GET /?csrf%22 HTTP/1.1

(2) Extracting the 2nd position [1] out of the resulting array from the match() function: xss_vector = '">'; or alternatively xss_vector = '">'; will both lead to a request to the collaborator: GET /?GB9mbYqJlmG7smrWCl8g051Hlmxx35TJ HTTP/1.1

Nonetheless, this particular lab will still be solved with an invalid csrf token, since it does not validate/need any credentials or tokens in order to delete the carlos user.
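The point raised in this comment (String.prototype.match() returns an array whose [0] is the whole matched text and whose [1] is the capture group, so only [1] holds the token), shown as an added example written here for illustration; it is not code from the video or from the commenter. The sample HTML, the token value and the more tolerant regex variant are all constructed for this example.

```javascript
// Added example, not code from the video or from the commenter. It shows what
// String.prototype.match() returns for the regex discussed above, and why the
// capture group must be read with [1]. The HTML and token below are constructed.

// Constructed sample response body, modelled on a page that embeds a hidden
// csrf field. The token value is made up for this demonstration.
const SAMPLE_HTML = `
<form action="/my-account/change-email" method="POST">
  <input type="hidden" name="csrf" value="CONSTRUCTED_TOKEN_a1b2c3d4">
  <input name="email" type="email">
</form>`;

// The regex from the comment: one capture group around the attribute value.
const CSRF_RE = /csrf" value="([^"]+)"/;

// Raw result of match(): null when nothing matches, otherwise an array whose
// [0] is the whole matched text and [1] is the first capture group.
function csrfMatch(text) {
  return text.match(CSRF_RE);
}

// What a caller actually wants: the captured value, or null if it is absent
// (so a missing field does not throw on m[1]).
function extractCsrfToken(text) {
  const m = csrfMatch(text);
  return m ? m[1] : null;
}

// Coercing the whole array to a string (which is what happens if the array
// itself, rather than m[1], is concatenated into a URL) joins its elements
// with commas, so the result begins with the literal text `csrf" value="`
// instead of the token. That is the behaviour the commenter observed.
function coerceWholeMatch(text) {
  const m = csrfMatch(text);
  return m ? String(m) : null;
}

// A slightly more tolerant variant (an assumption of this example, not from
// the video): accepts single or double quotes and extra whitespace between the
// two attributes, and still returns only the captured value.
const CSRF_RE_TOLERANT = /name=["']csrf["']\s+value=["']([^"']+)["']/i;
function extractCsrfTokenTolerant(text) {
  const m = text.match(CSRF_RE_TOLERANT);
  return m ? m[1] : null;
}

console.log("match()[0] :", csrfMatch(SAMPLE_HTML)[0]);
console.log("match()[1] :", extractCsrfToken(SAMPLE_HTML));
console.log("String(arr):", coerceWholeMatch(SAMPLE_HTML));
console.log("tolerant   :", extractCsrfTokenTolerant(SAMPLE_HTML));
console.log("absent     :", extractCsrfToken("<p>no form here</p>"));
```

The defensive reading of this is the reason the lab exists: a CSRF token embedded in the page is readable by any script that runs in that page, so once a script injection exists the token no longer protects the state-changing request. The control that matters is removing the injection (contextual output encoding, a restrictive Content Security Policy), not strengthening the token.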
@xnns8195 2 years ago
text.match() is a JavaScript function, and it is passed as the src attribute of an img tag. I don't know what she is trying to do...
@yazeedsalahat9227 1 year ago
I don't have Burp Suite Pro. What can I use to solve this lab?