EvilOctal Information Security Team Technical Discussion Group's Archiver

eviloctal 2007-7-30 11:53

[Repost] CSRF Redirector

Original source: [url]http://shiflett.org/blog/2007/jul/csrf-redirector[/url]

Inspired by the [url=http://whiteacid.org/misc/xss_post_forwarder.php]XSS POST Forwarder[/url], I just created the [url=http://shiflett.org/csrf.php]CSRF Redirector[/url]. It's a simple tool that makes it easy to test [url=http://shiflett.org/articles/cross-site-request-forgeries]CSRF[/url] using POST, hopefully demonstrating how prevalent CSRF vulnerabilities are as well as reducing the misconception that forging a POST request is complicated.
To use it, construct a URL of the form [url]http://shiflett.org/csrf.php?csrf=[/url][font=nsimsun]URL[/font]&[font=nsimsun]NAME[/font]=[font=nsimsun]VALUE[/font], where [font=nsimsun]URL[/font] is the ([url=http://php.net/urlencode]URL-encoded[/url]) target site, and [font=nsimsun]NAME[/font] and [font=nsimsun]VALUE[/font] represent a name-value pair, of which there can be zero or more.
For example, the following IFrame exploits the [url=http://shiflett.org/blog/2007/mar/my-amazon-anniversary]Amazon vulnerability[/url]:

[code]<iframe src="http://shiflett.org/csrf.php?csrf=http%3A%2F%2Famazon.com%2Fgp%2Fproduct%2Fhandle-buy-box&ASIN=059600656X&offerListingID=XYPvvbir%2FyHMyphE%2Fy0hKK%2BNt%2FB7%2FlRTFpIRPQG28BSrQ98hAsPyhlIn75S3jksXb3bdE%2FfgEoOZN0Wyy5qYrwEFzXBuOgqf" />[/code]


I may add more features at some point. Until then, enjoy!
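Added example for readers on the receiving side of such a request; it is not part of Shiflett's post or of the CSRF Redirector. It models the endpoint the IFrame above targets as two hypothetical handlers, [font=nsimsun]handle_buy_box_unprotected[/font] (trusts any POST that arrives with the session cookie, which is what makes the redirector work) and [font=nsimsun]handle_buy_box_protected[/font] (requires a per-session synchronizer token plus a same-site Origin/Referer). The forged request is constructed from the field names and values in the IFrame; the function and header names are assumptions, not Amazon's or the tool's code.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical request model: each handler receives the server-side session,
# the request headers and the decoded POST body. Nothing below belongs to the
# CSRF Redirector; it is the target application's side of the exchange.


def issue_token(session: dict) -> str:
    """Create (or reuse) the per-session synchronizer token that every
    state-changing form must carry. A page on another origin cannot read it,
    so an auto-submitted cross-site form cannot include a valid one."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_hex(16)
    return session["csrf_token"]


def same_site(headers: dict, site_host: str) -> bool:
    """Origin (Referer as fallback) must name our own host. The redirector's
    form is submitted by the browser from the redirector's origin, so this
    check alone already identifies the forged POST."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # no indication of where the POST came from: reject
    return urlsplit(source).hostname == site_host


def handle_buy_box_unprotected(session: dict, headers: dict, form: dict) -> str:
    """The pattern the post exploits: the POST is trusted purely because the
    browser attached the victim's session cookie."""
    if "ASIN" not in form or "offerListingID" not in form:
        return "error"
    return "purchase:" + form["ASIN"]


def handle_buy_box_protected(session: dict, headers: dict, form: dict,
                             site_host: str = "amazon.com") -> str:
    """Hardened version of the same endpoint: same-site source and a token
    matching the session are both required before the purchase proceeds."""
    if not same_site(headers, site_host):
        return "rejected:origin"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return "rejected:token"
    if "ASIN" not in form or "offerListingID" not in form:
        return "error"
    return "purchase:" + form["ASIN"]


# Constructed sample traffic mirroring what the IFrame above makes a logged-in
# victim's browser send: the field names and values from the redirector URL,
# the victim's session, and a foreign Origin/Referer.
FORGED_HEADERS = {"Origin": "http://shiflett.org",
                  "Referer": "http://shiflett.org/csrf.php"}
FORGED_FORM = {
    "ASIN": "059600656X",
    "offerListingID": "XYPvvbir/yHMyphE/y0hKK+Nt/B7/lRTFpIRPQG28BSrQ98h"
                      "AsPyhlIn75S3jksXb3bdE/fgEoOZN0Wyy5qYrwEFzXBuOgqf",
}


def demo() -> tuple:
    session = {}  # the victim's server-side session, keyed by their cookie
    token = issue_token(session)

    # The unprotected handler cannot tell the forged POST from a real one.
    unprotected = handle_buy_box_unprotected(session, FORGED_HEADERS, FORGED_FORM)

    # The same forged POST against the hardened handler fails the site check.
    forged = handle_buy_box_protected(session, FORGED_HEADERS, FORGED_FORM)

    # Even with a same-site Origin, a forged POST still lacks the token.
    spoofed_origin = handle_buy_box_protected(
        session, {"Origin": "http://amazon.com"}, FORGED_FORM)

    # A legitimate submission from the site's own form carries the token.
    legit_form = dict(FORGED_FORM, csrf_token=token)
    legit = handle_buy_box_protected(
        session, {"Origin": "http://amazon.com"}, legit_form)

    return unprotected, forged, spoofed_origin, legit


if __name__ == "__main__":
    print(demo())
```

The Origin/Referer check is a useful second layer but not sufficient on its own (older clients omit both headers, and a missing header has to be treated as a rejection to be safe), which is why the token check is the one that actually decides; the token is compared with [font=nsimsun]hmac.compare_digest[/font] to avoid leaking it through timing differences.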

© 1999-2008 EvilOctal Security Team