Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- if(isset($_SESSION['views']))
- unset($_SESSION['views']);
- $allowed_host = 'r00tsh3ll.com';
- $host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
- if(substr($host, 0 - strlen($allowed_host)) == $allowed_host)
- {
- if (isset($_POST['name'])&&isset($_POST['work'])&&!empty($_POST['name'])&&!empty($_POST['work'])){
- $name= $_POST['name'];
- $work= $_POST['work'];
- echo 'Your Details Has Been Updated <br> Name Is = '.$name.' <br>Work Is = '.$work;
- } else { echo 'All fields are recommended'; }
- } else { echo "<h1><font color='red'>Referrer Is Not Match CSRF Attack Detected</font></h1>"; }
- if(isset($_GET['xssrbased'])){
- $redirection=$_GET['xssrbased'];
- header("Location: ".$redirection);
- }
- else { echo '';
- }
- if(isset($_GET['something'])){
- $show=$_GET['something'];
- echo ' Your Value Is=== '.$show;
- }
- else { echo 'please enter some value to echo';
- }
- ?>
- <h1> Referrer Based CSRF Protection Bypass Demostration</h1>
- <h1>Update Details</h1>
- Hello User
- <form action="referrer.php" method="POST">
- Name:<br><input type="text" input name="name"></br>
- Profession:<br> <input type="text" input name="work"></br>
- ---><input type=submit input value="Click To Update">
- </form>
- <form action="referrer.php" method="GET">
- Enter Something For Echo:<input type="text" input name="something">Example- Hey Baby</br>
- ---><input type=submit input value="Click To Echo">
- </form>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement