
LAB 2 - CSRF where token validation depends on request method

Initial instructions

This lab's email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only applies defenses to certain types of requests.

To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer's email address.

You can log in to your own account using the following credentials: wiener:peter

To solve this lab, we first need to intercept with Burp Suite the request that is sent when we update our email.

Let's try generating a CSRF PoC and sending it to the victim.

After a few minutes we will realize that sending it to the victim didn't work, so let's try changing the request method and sending the exploit to the victim again.

Let's go back to Burp Suite and change the request method.

Let's generate a CSRF PoC from this request.

Let's copy the result, paste it into the exploit server, and deliver it to the victim. (Remember to change the email to a different one.)

Congratulations, you solved the lab!
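Why the first PoC failed and the second worked can be seen from the server side. The following is an added example, not code from the lab: it models a handler that validates the CSRF token for only one request method next to a hardened one. The handler names, the sample token and addresses, and the assumption that POST is the checked method are all constructed for illustration.

```python
import hmac

# Constructed sample values; handler names are hypothetical, not the lab's code.
TOKEN = "constructed-token-123"
OLD, NEW = "wiener@example.test", "changed@example.test"

def token_ok(session, params):
    # Constant-time comparison of the submitted token with the session's token.
    return hmac.compare_digest(params.get("csrf", ""), session["csrf"])

def change_email_flawed(session, method, params):
    # Flaw: the token is checked only for POST (assumed), but the email
    # change is carried out whatever the method is.
    if method == "POST" and not token_ok(session, params):
        return 400
    session["email"] = params["email"]
    return 302

def change_email_hardened(session, method, params):
    # A state-changing action accepts POST only and always requires the token.
    if method != "POST":
        return 405
    if not token_ok(session, params):
        return 400
    session["email"] = params["email"]
    return 302

def run_cases(handler):
    cases = [
        ("POST, no token", "POST", {"email": NEW}),
        ("GET, no token", "GET", {"email": NEW}),
        ("POST, valid token", "POST", {"email": NEW, "csrf": TOKEN}),
    ]
    out = {}
    for label, method, params in cases:
        session = {"email": OLD, "csrf": TOKEN}  # fresh session per case
        status = handler(session, method, params)
        out[label] = (status, session["email"] == NEW)
    return out

if __name__ == "__main__":
    for handler in (change_email_flawed, change_email_hardened):
        print(handler.__name__, run_cases(handler))
```

Each result is a pair of the returned status and whether the email was changed; the hardened handler is the only one that leaves the email untouched for every request lacking a valid token.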