Tuesday, October 4, 2016

how to demonstrate XSS or CSRF with POST requests



sometimes XSS and CSRF attacks are only successful with HTTP post methods. to demonstrate and report them the easiest way is  to deploy a simple HTML page on a local webserver.


simple index.html which shows a button which executes the post






















post request sned












same example with autosubmit in javascript