spec/servers/modules/audit/csrf.rb in arachni-0.4.1.1 vs spec/servers/modules/audit/csrf.rb in arachni-0.4.1.2
- old
+ new
@@ -76,5 +76,24 @@
HTML
end
html
end
+
+get '/with_nonce' do
+ html = common
+
+ if logged_in?( cookies )
+ html << <<-HTML
+ <form name='insecure_important_form' action='?'>
+ <input name='hooa!' value='important stuff' />
+ </form>
+
+ <form name='secure_important_form' action='?'>
+ <input name='booya!' value='other important stuff' />
+ <input type='hidden' name='my_nonce' value='#{rand(999)}' />
+ </form>
+ HTML
+ end
+
+ html
+end
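Review bot: The `my_nonce` value in `secure_important_form` comes from `rand(999)`, which gives a non-cryptographic integer from 0 to 998, so the hidden field can be a single digit on some requests. If the CSRF check under test recognises tokens by length or character set (the module is not visible in this hunk, so this is inferred), the spec result could change from run to run. A fixed-shape value such as `value='#{SecureRandom.hex(16)}'` (with `require 'securerandom'`) would make the fixture stable. I would also add a comment above the route, for example `# Fixture only: the nonce is never verified server-side; it exists so the CSRF check sees a token-like field.`, so the pattern is not copied as a real anti-CSRF defence.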