This first post is related with one of my project : CSRFT. CSRFT is a Cross Site Request Forgery (CSRF) vulnerabilities Toolkit.

My toolkit allows you to exploit either GET and POST HTTP Requests. During some testings, I had issues with some specific forms.

Let’s take an example of such form :

<form action="http://website.com/blog/" id="form" method="get">
<label class="assistive-text" for="s">Search</label>
<input class="field" id="s" name="s" placeholder="Search" type="text" value="Search Value"/>
<input class="submit" id="searchsubmit" name="submit" type="submit" value="Search"/>
</form>

The code injected on the page to submit the form was like that :

Starting my own blog has been something I really wanted to do. I’ll add post related to my different projects but also on Web security.

Here are my different motivations :

1. Provide a portfolio of my different projects.

2. Explain some problems I had and provide the solution

3. Talk about some geek stuffs. Let’s see :)

Hope you’ll have fun to read me. Cheers and see you soon.