0

I have to write an application for a course for university, that has certain vulnerabilities to CSRF attacks and then I have to write exploits. Because I'm out of ideas I'm just writing a lightweight clone of Instagram, that is completely vulnerable.

I want to write two exploits. The first should just be liking a post. The second one should upload a new post.

The app commonly uses an input of type file. Here is the problem. Can I somehow replace the file input in the exploit by just putting hardcoded data to the request? Like adding the bytes and the filetype to the request to simulate an existing file?

Marcel Lorenz
  • 295
  • 2
  • 13
  • 1
    You are not going to select a file from the computer. You can easily have an image stored as a string/blob and upload it. Not sure what that is going to do. – epascarello May 30 '22 at 18:42

1 Answers1

0

Can I somehow replace the file input in the exploit by just putting hardcoded data to the request? Like adding the bytes and the filetype to the request to simulate an existing file?

Just to answer the question and not to nag about good and bad practices: You could encode your needed "hardcoded" data as base64 and then programmatically convert it into a 'File' instance (or use it to simulate your file input in some other way).

Check out this question, you will find examples on how to do the conversion: How to convert Base64 String to javascript file object like as from file input form?

Tapsa
  • 26
  • 2