OWASP Security Shepherd Project - CSRF 1 (CSRF Challenge)

Challenge


Solution

    Before we start this challenge, remember that you must be assigned to a class and that class must contain at least two users, or you will not be able to finish the challenge. To create another user and assign it to a class, please refer to How to create another user in Security Shepherd?
    In this challenge, our goal is to force another user to increase our CSRF counter through GET /user/csrfchallengeone/plusplus?userid=yourID.
    The application for this challenge provides an image-sharing forum that allows users to share any image link. As a result, we can post a crafted CSRF URL in the forum, and any other user who views the forum will submit that request without being aware of it.
    Let's generate the URL as https://192.168.56.103/user/csrfchallengeone/plusplus?userid=637e8d2e65542fe82fe6da3b0356bc0865b0b791.
    After posting the crafted CSRF URL into the forum, the challenge is passed as soon as another user opens this challenge page.
    P.S. If you're the only user in the system, as I was, you'll need to create another account and log in as that account to verify that your crafted URL works :-)
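    The counter endpoint is exploitable because a state change happens on a plain GET, which any shared image link can trigger. The following is an added example (not Security Shepherd's code) of how a defender would harden such an endpoint: refuse GET, require a per-session CSRF token compared in constant time, and check the browser-set Origin header. The `Request` class, the `SESSIONS` store and `SITE_ORIGIN` are constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed data for the example: one logged-in session and an empty counter table.
SITE_ORIGIN = "https://192.168.56.103"
SESSIONS = {"sess-alice": {"userid": "alice", "csrf_token": secrets.token_hex(16)}}
COUNTERS: dict = {}


@dataclass
class Request:
    """Minimal stand-in for a framework request object (hypothetical)."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)


def handle_plusplus(req: Request):
    """Hardened counter endpoint: returns (status, message)."""
    # 1. Never change state on GET. An <img src="..."> posted in the forum can only
    #    issue a GET, so this single check already defeats the image-link trick.
    if req.method != "POST":
        return 405, "state-changing requests must use POST"
    session = SESSIONS.get(req.cookies.get("JSESSIONID"))
    if session is None:
        return 401, "not logged in"
    # 2. Origin is set by the browser and cannot be forged by page content. This blocks
    #    cross-site forms; it does NOT help against content stored on the same origin.
    if req.headers.get("Origin") != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    # 3. Per-session token that another user cannot read; constant-time comparison.
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"
    target = req.query.get("userid")
    if not target:
        return 400, "userid required"
    COUNTERS[target] = COUNTERS.get(target, 0) + 1
    return 200, f"counter for {target} is now {COUNTERS[target]}"
```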

