Home PortSwigger Labs - CSRF with no defenses
Post
Cancel

PortSwigger Labs - CSRF with no defenses

Martino Tommasini on Jul 132021-07-13T16:18:00+02:00
1 min read

Description

Link: https://portswigger.net/web-security/csrf/lab-no-defenses

Writeup

We can login to our account with the credentials we have wiener:peter.

Once logged it we are redirected to our account page

Here we can change our email by providing a new email.

We fire up Burp in order to record the update email request and analyze it

The new email is specified in the POST body and url encoded.

Since there aren’t any CSRF protections we can simply make the victim issue a change email operation and hardcode the new email in the post body.

The response that we will serve back to the victims when they visit the /exploit page is the following:

The form will be submitted without any user interaction and they email will be changed to pwned@gmail.com.

The CSRF attack succedeed.

PortSwigger-Labs
csrf
This post is licensed under CC BY 4.0 by the author.
Recent Update

PortSwigger Labs - Stored XSS to CSRF to change users email

PortSwigger Labs - Simple XXE to retrieve sensible files