Web Application Security
CSRF through POST Dec 15 2009 12:57AM Robin Wood (dninja gmail com) (2 replies)
Re: CSRF through POST Dec 16 2009 04:37PM arvind doraiswamy (arvind doraiswamy gmail com) (1 replies)
Re: CSRF through POST Dec 16 2009 04:47PM Robin Wood (dninja gmail com) (2 replies)
> Hi Robin,
>
> I went over your question and it looks pretty interesting, so, as Boaz
> said, the way that you can do it is to use JavaScript to do the job.
>
> Take this example:
>
> <form name="myform" action="handle-data.php" method="post">
> Search: <input type='text' name='query' />
> <a href="javascript: submitform()">Search</a>
> </form>
> <script type="text/javascript">
> function submitform()
> {
> document.myform.submit();
> }
> </script>
>
> JavaScript uses a submit() method, which is used for HTML forms in
> order to send data over the HTTP POST method. In this case, you can
> configure the JavaScript given as an example as you require.

Thanks, I've also seen the submit call being done through
onDocumentLoad and from timers, which seems to be an ideal way to work
with multi-page forms.

I'm building up a nice little arsenal of attacks here.

Robin
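
Seen from the server, the script-submitted form discussed in this thread is an ordinary POST that carries the victim's session cookie, so accepting only POST does not stop it. The following is an added example, not part of the original posts, of a server-side check that rejects such a request; `TRUSTED_ORIGIN`, the request object shape and the `csrf_token` field name are assumptions made for the illustration.

```javascript
// Added example: CSRF check for state-changing requests (synchronizer token + Origin).
// TRUSTED_ORIGIN, the request shape and the field names are assumptions.
const TRUSTED_ORIGIN = 'https://app.example';
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Constant-time string comparison, kept dependency-free so the block runs
// anywhere; in Node, crypto.timingSafeEqual is the usual choice.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Takes { method, headers: {origin?}, body: {csrf_token?}, session: {csrfToken} }
// and returns { allowed, reason }.
function checkCsrf(req) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) {
    return { allowed: true, reason: 'safe method' };
  }
  // When the browser supplies an Origin header, a foreign value is rejected outright.
  const origin = req.headers.origin;
  if (origin !== undefined && origin !== TRUSTED_ORIGIN) {
    return { allowed: false, reason: 'foreign origin' };
  }
  // The session cookie rides along on a forged POST; the per-session token does not.
  const expected = req.session && req.session.csrfToken;
  const supplied = req.body && req.body.csrf_token;
  if (!expected || !constantTimeEqual(supplied, expected)) {
    return { allowed: false, reason: 'missing or wrong token' };
  }
  return { allowed: true, reason: 'token matched' };
}

// Constructed sample requests (not captured traffic).
const session = { csrfToken: 'c0nstructed-sample-token' };
const samples = {
  legitimate: { method: 'POST', headers: { origin: TRUSTED_ORIGIN },
                body: { query: 'x', csrf_token: 'c0nstructed-sample-token' }, session },
  autoSubmitted: { method: 'POST', headers: { origin: 'https://other.example' },
                   body: { query: 'x' }, session },
  noOriginNoToken: { method: 'POST', headers: {}, body: { query: 'x' }, session },
  search: { method: 'GET', headers: {}, body: {}, session },
};
for (const [name, req] of Object.entries(samples)) console.log(name, checkCsrf(req));
```

The token check is the primary control; the Origin comparison is a second layer that only applies when the header is present.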