LAB 1 - CSRF vulnerability with no defenses
Initial instructions
This lab's email change functionality is vulnerable to CSRF.
To solve the lab, craft some HTML that uses a CSRF attack to change the viewer's email address and upload it to your exploit server.
You can log in to your own account using the following credentials: wiener:peter
First of all, I started by logging in with the given credentials.

Now let's update the email, but let's intercept everything with BurpSuite.

In BurpSuite we get the following request.

Let's generate a CSRF PoC. We got the following, so let's send it to the victim, but changing the email address to any other email.

Let's go to the exploit server and send it to the victim.
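Why the forged request is accepted, and what a fix looks like on the server side, as an added example that is not part of the original write-up or the lab's code. The handler names, the session id, the `csrf` field name and the HMAC-based token scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample state: a server secret and one logged-in session.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-wiener": {"user": "wiener", "email": "wiener@example.test"}}


def issue_csrf_token(session_id: str) -> str:
    """Session-bound token the site embeds as a hidden field in its own form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def change_email_no_defense(cookies: dict, form: dict) -> int:
    """Behaviour the lab describes: the session cookie alone authorises the change."""
    account = SESSIONS.get(cookies.get("session", ""))
    if account is None:
        return 401
    account["email"] = form.get("email", account["email"])
    return 200


def change_email_with_token(cookies: dict, form: dict) -> int:
    """Same handler, but the body must also carry the session-bound token."""
    session_id = cookies.get("session", "")
    account = SESSIONS.get(session_id)
    if account is None:
        return 401
    expected = issue_csrf_token(session_id).encode()
    supplied = str(form.get("csrf", "")).encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time comparison
        return 403
    account["email"] = form.get("email", account["email"])
    return 200


def demo() -> list:
    # In the lab scenario the session cookie rides along with the forged request.
    cookies = {"session": "sess-wiener"}
    # A form hosted on another origin cannot read the token, so it has none.
    cross_site_form = {"email": "changed@example.test"}
    own_form = {"email": "new@example.test", "csrf": issue_csrf_token("sess-wiener")}
    return [
        change_email_no_defense(cookies, cross_site_form),
        change_email_with_token(cookies, cross_site_form),
        change_email_with_token(cookies, own_form),
    ]
```

The unprotected handler accepts the cross-site form because nothing in the request is unpredictable to a third party; the token check rejects it while the site's own form still works.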
