OWASP Security Shepherd Project - CSRF 1 (CSRF Challenge)
Challenge
Solution
Before we start this challenge, remember that you must be assigned to a class and that the class must contain at least two users, otherwise you cannot finish the challenge. To create another user and assign it to a class, please refer to How to create another user in Security Shepherd? In this challenge, our goal is to force another user to increase your CSRF counter through GET /user/csrfchallengeone/plusplus?userid=yourID.
The application behind this challenge provides an image-sharing forum that lets users share any image link. As a result, we can place a crafted CSRF URL in the forum, and when another user views the forum their browser submits that request without them being aware of it.
Let's generate the URL as https://192.168.56.103/user/csrfchallengeone/plusplus?userid=637e8d2e65542fe82fe6da3b0356bc0865b0b791.
After we post the crafted CSRF URL in the forum, as soon as another user opens this challenge we pass it.
p.s. if you're the only user in the system, like me, you'll need to create another account and log in as that account to validate whether your designed URL works :-)
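As an added illustration (not part of the original writeup and not Security Shepherd's own code), the following Python sketch contrasts a counter endpoint that changes state on a GET authenticated only by the session cookie, which is why an image link posted to the forum is enough, with a hardened version that requires POST and a session-bound token. The request stand-in, session store, secret and attacker id are constructed placeholders for the demonstration.

```python
import hashlib
import hmac
import secrets
from collections import namedtuple

SECRET = secrets.token_bytes(32)  # constructed server secret (hypothetical)
PLUSPLUS_PATH = "/user/csrfchallengeone/plusplus"
Request = namedtuple("Request", "method path params cookies")  # minimal HTTP request stand-in

def csrf_token_for(session_id: str) -> str:
    """Token bound to the viewer's session; a URL posted to the forum cannot know it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def vulnerable_plusplus(req, sessions, counters) -> bool:
    """State change on GET, authenticated by the session cookie alone: rendering an
    <img> that points here makes a logged-in viewer's browser send it, cookie included."""
    if req.path != PLUSPLUS_PATH or req.method != "GET":
        return False
    if req.cookies.get("JSESSIONID") not in sessions:
        return False
    target = req.params.get("userid")
    counters[target] = counters.get(target, 0) + 1
    return True

def hardened_plusplus(req, sessions, counters) -> bool:
    """Same action, POST only, with a session-bound token in the body. An image tag can
    only issue a GET and cannot carry the token. SameSite cookies alone would not help
    here, because the forum that hosts the link lives on the same origin."""
    if req.path != PLUSPLUS_PATH or req.method != "POST":
        return False
    sid = req.cookies.get("JSESSIONID")
    if sid not in sessions:
        return False
    if not hmac.compare_digest(req.params.get("csrf_token", ""), csrf_token_for(sid)):
        return False
    target = req.params.get("userid")
    counters[target] = counters.get(target, 0) + 1
    return True

def simulate() -> dict:
    """Replay the challenge scenario against both handlers and return what happened."""
    sessions = {"victim-session": "victim"}  # constructed session store
    # Constructed: the request the victim's browser sends when it renders the posted link.
    forged = Request("GET", PLUSPLUS_PATH, {"userid": "ATTACKER_ID_PLACEHOLDER"},
                     {"JSESSIONID": "victim-session"})
    # Constructed: a genuine form submission from the application's own page.
    genuine = Request("POST", PLUSPLUS_PATH, {"userid": "victim",
                      "csrf_token": csrf_token_for("victim-session")}, {"JSESSIONID": "victim-session"})
    vuln, hard = {}, {}
    return {"vulnerable_accepted_forged": vulnerable_plusplus(forged, sessions, vuln),
            "hardened_accepted_forged": hardened_plusplus(forged, sessions, hard),
            "hardened_accepted_genuine": hardened_plusplus(genuine, sessions, hard),
            "vulnerable_counters": vuln, "hardened_counters": hard}
```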
Enjoy life!