CSRF is an attack that allows an attacker to insert a script into a browser and exploit a user's authenticated session to request the server side for intended actions(remittance, product purchase, etc.). This is a problem that arises because certain web applications trust users.
Lab: CSRF vulnerability with no defenses
[Information]
[Problem solving]
1. I accessed the lab and logged in with the following account. "wiener:peter". Then I changed my email and grabbed it as a proxy.
2. I checked the POST request related to email change on the Logger tab of Burp Suite and right-clicked to access the CSRF PoC generation tool
The HTML code was copied from the CSRF PoC generator, pasted into the body part of the server attack-related page, and the attack was delivered after changing the viewer's email address.
The lab was solved.
'Wargame & CTF > PortSwigger' 카테고리의 다른 글
| [Client-side topics] Cross-site scripting(XSS) (0) | 2024.04.06 |
|---|---|
| [Server-side topics] OS command injection (0) | 2024.03.29 |
| [Server-side topics] Path traversal (0) | 2024.03.25 |
| [Server-side topics] Authentication vulnerabilities (0) | 2024.02.27 |
| [Server-side topics] SQL injection (0) | 2024.02.11 |