In this post, We demonstrated a scenario of exploiting CSRF vulnerability using DVWA vulnerable web application.

Cross site request forgery better known as CSRF exploits the website trust in the user. In CSRF, attackers forge requests to the website on behalf of the user making it look like it came from the user. Example application is password reset requests or changing password requests.

In CSRF, we would want to make a request to change a user’s password but making it as if the user made the request which is how CSRF works.
In order to exploit this vulnerability, we would need to grab the form code and use it in a page of our choosing.
Say we designed a page for software giveaways and we want visitors to visit the page and request a giveaway. Once they request a giveway, they unknowingly will send a password reset request to the website at which they have an account that happens to be our target.

Obtenir les notes du certificat OSCP

 
, , ,
Montrer les Commentaires

Motasem

A propos de l'Auteur

Je crée des notes de cybersécurité, des notes de marketing numérique et des cours en ligne. Je fournis également des conseils en marketing numérique, y compris, mais sans s'y limiter, le référencement, les publicités Google et Meta et l'administration CRM.

Voir les Articles