Tuesday, October 4, 2016

how to demonstrate XSS or CSRF with POST requests

sometimes XSS and CSRF attacks are only successful with HTTP post methods. to demonstrate and report them the easiest way is  to deploy a simple HTML page on a local webserver.

simple index.html which shows a button which executes the post

post request sned

same example with autosubmit in javascript