So, I've found an XSS vuln that I'd like to exploit via a CSRF vuln, but I'm having trouble with encoding in the CSRF.
That obviously doesn't work because the quotes in the payload screw up the form. I can't URL encode the quotes because then they get double encoded and the payload won't execute. I've tried changing the enctype of the form to text/plain and multi-part/formdata but no luck. The CSRF vulnerable link will only take POST, not GET.
Any input is appreciated!