In this post, We demonstrated a scenario of exploiting CSRF vulnerability using DVWA vulnerable web application.

Cross site request forgery better known as CSRF exploits the website trust in the user. In CSRF, attackers forge requests to the website on behalf of the user making it look like it came from the user. Example application is password reset requests or changing password requests.

In CSRF, we would want to make a request to change a user’s password but making it as if the user made the request which is how CSRF works.
In order to exploit this vulnerability, we would need to grab the form code and use it in a page of our choosing.
Say we designed a page for software giveaways and we want visitors to visit the page and request a giveaway. Once they request a giveway, they unknowingly will send a password reset request to the website at which they have an account that happens to be our target.

Obtenga notas del certificado OSCP

Acerca del Autor

Creo notas de ciberseguridad, notas de marketing digital y cursos online. También brindo consultoría de marketing digital que incluye, entre otros, SEO, Google y meta anuncios y administración de CRM.

Ver Artículos