I am having trouble submitting parameters to a website via HTML code simulating an XSRF attack. I have the HTML below, in which I have set the parameters for the action, including an account #, routing #, action, and a value that I need to reverse engineer through source code that represents the user's session.
When run, the site either returns "Changes Saved", indicating a successful XSRF attack, or returns "XRSF Blocked", indicating I did not derive the fourth value correctly.
However, when I log in to the site and execute the script, nothing is returned and even the page forms are unchanged. I think something in my syntax is probably slightly off. Can someone assist?
    <!DOCTYPE html>
    <html>
    <meta charset="UTF-8"/>
    <title>XSRF</title>
    </head>
    <body onload='document.forms.submit();'>
    <form action='some_php_file.php' method='POST'>
    <input type='hidden' name='action' value='save'/>
    <input type='hidden' name='account' value='3192332'/>
    </form>
    </body>
    </html>
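For the server side of the behaviour described in the question, here is an added example (not part of the original post and not the site's own code) of how the fourth value can be validated so that it cannot be derived from page source. The field names `token` and `routing`, the functions `issue_token` and `handle_post`, the key handling and the routing value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example with hypothetical names; the response strings are the ones quoted in the post.

// The token is an HMAC of the session ID under a server-only key, so it is bound
// to one session and cannot be recomputed from anything the browser receives.
function issue_token(string $key, string $sessionId): string
{
    return hash_hmac('sha256', $sessionId, $key);
}

// Decide the response for one POST, given the session the request's cookie maps to.
function handle_post(string $key, string $sessionId, array $post): string
{
    $submitted = $post['token'] ?? '';
    // hash_equals() compares in constant time, so response timing leaks nothing
    // about how many leading characters of a guess were correct.
    if (!is_string($submitted)
        || !hash_equals(issue_token($key, $sessionId), $submitted)) {
        return 'XRSF Blocked';
    }
    // Only after the token check are the state-changing fields examined.
    foreach (['action', 'account', 'routing'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return 'Bad Request';
        }
    }
    return 'Changes Saved';
}

// Constructed sample data: random key and session IDs, placeholder routing value.
$key     = random_bytes(32);
$session = bin2hex(random_bytes(16));
$other   = bin2hex(random_bytes(16));
$fields  = ['action' => 'save', 'account' => '3192332', 'routing' => '000000000'];

$cases = [
    'cross-site form without the token field' => [$session, $fields],
    'guessed token value'                     => [$session, $fields + ['token' => str_repeat('0', 64)]],
    'token issued to a different session'     => [$session, $fields + ['token' => issue_token($key, $other)]],
    'token issued to this session'            => [$session, $fields + ['token' => issue_token($key, $session)]],
];

foreach ($cases as $label => [$sid, $post]) {
    echo $label, ': ', handle_post($key, $sid, $post), PHP_EOL;
}
```

In a deployment the key would be loaded from server configuration rather than generated per run, and the session ID would come from the session store.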