Hackzzz - The Notebook
  • ⚡Welcome!
    • 👾Hackzzz
    • 📝Writeups
      • HackTheBox
        • 🐧Linux
          • Lame
          • Squashed
          • Faculty
        • 🪟Windows
          • Jeeves
          • Bart
          • Active
          • Tally
      • Portswigger
        • 📂File upload
          • Apprentice
            • Remote code execution via web shell upload
            • Web shell upload via Content-Type restriction bypass
        • 💉SQL Injection
          • Apprentice
            • SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
            • SQL injection vulnerability allowing login bypass
          • Practioner
            • SQL injection UNION attack, determining the number of columns returned by the query
            • SQL injection UNION attack, finding a column containing text
            • SQL injection UNION attack, retrieving data from other tables
            • SQL injection UNION attack, retrieving multiple values in a single column
            • SQL injection attack, querying the database type and version on Oracle
            • SQL injection attack, querying the database type and version on MySQL and Microsoft
            • SQL injection attack, listing the database contents on non-Oracle databases
            • SQL injection attack, listing the database contents on Oracle
            • Blind SQL injection with conditional responses
            • Blind SQL injection with time delays
            • Blind SQL injection with time delays and information retrieval
        • 📑Information Disclosure
          • Apprentice
            • Error Messages
            • Filtering a debug page
            • Backup Leakage
            • Authentication bypass via information disclosure
          • Practitioner
            • Information disclosure in version control history
        • 🪜Directory Traversal
          • Apprentice
            • File path traversal, simple case
          • Practioner
            • File path traversal, traversal sequences blocked with absolute path bypass
            • File path traversal, traversal sequences stripped non-recursively
            • File path traversal, traversal sequences stripped with superfluous URL-decode
            • File path traversal, validation of file extension with null byte bypass
        • 🧑‍💻OS Command Injection
          • Apprentice
            • OS command injection, simple case
          • Practioner
            • Blind OS command injection with time delays
            • Blind OS command injection with output redirection
        • 🧃Broken Authentication
          • Apprentice
            • Username enumeration via different responses
            • 2FA simple bypass
            • Password reset broken logic
        • 🗃️Access Control
          • Apprentice
            • Unprotected admin functionality
            • Unprotected admin functionality with unpredictable URL
            • User role controlled by request parameter
            • User role can be modified in user profile
            • User ID controlled by request parameter
            • User ID controlled by request parameter, with unpredictable user IDs
            • User ID controlled by request parameter with data leakage in redirect
            • User ID controlled by request parameter with password disclosure
            • Insecure Direct Object References (IDOR)
        • 📝External Entity Injection
          • Apprentice
      • TryHackme
        • 🐧Linux
        • 🪟Windows
          • Crocc Crew
          • Enterprise
    • 🔮Github
    • 📺YouTube Channel
  • Everything About and Notes
    • 🥷Five stages of Ethical Hacking
    • 🔍OSINT
      • 🕵️Information Gathering Methodologies
        • Information Gathering
        • OSINT Employee's
        • Automate OSINT techniques
          • Sherlock
          • PhoneInfoga
          • Osintgram
          • twint
          • Userrecon
      • Discovering Email Address
      • Breach Credentials
      • Reverse Image Searching
      • Hunting Usernames & Accounts
      • Searching People
      • Phone Numbers
      • Google Dorks
      • Search Engines
      • Default Passwords
      • Aircraft Tracking
      • Car OSINT
      • Wi-Fi OSINT
      • OSINT Virtual Machine
    • 👁️Network Pentesting
      • MITM Cheatsheet
      • Host Discovery
      • Scanning Hosts
      • Sniffing
      • Spoofing
      • DNS spoofing + apache2
      • Firewall/IDS Evasion
      • 🖨️Printer Hacking
      • 👁️‍🗨️IoT Pentesting
    • 🪟Windows and Active Directory
      • Windows Basic Commands
        • Network Command's
        • Tasks
        • Computer Slow Command's
        • Bypass Windows Admin Prompt
      • Active Directory
        • AD Enumeration
        • Man-In-The-Middle Attacks
          • SMB Relay
          • LLMNR Poisoning
        • Zerologon (2020-1472)
        • Password Cracking
        • Kerberoasting
          • Kerbrute
          • ASREP Roasting
        • Post-Compromise Enumeration
          • Powerview
          • Bloodhound
            • Installing & Setting Up
            • SharpHound
            • Using BloodHound
        • Post-Compromise attacks
          • Privilege Escalation
            • Token Impersonation
            • Print Nightmare (CVE-2021-1675)
          • Pass Attacks
            • Pass the Hash
            • Pass the Password
            • GPP cPassword Attack
          • Mimikatz
            • Golden Ticket Attack
          • Dumping hashes (secretsdump)
      • Windows Privilege Escalation
        • Unquoted Path Service
        • Abusing the Golden Privileges
        • Print Spoofer
        • Print-Nightmare
        • Rogue Potato
      • Active Directory Exploitation Cheat Sheet
      • Active Directory Attacks (PayloadAllTheThings)
    • 🧠Social Engineering
      • Windows Malware
        • Generating Undetectable backdoors
        • Bypassing Anti-Virus by modifying Hex Value
        • Creating Trojans
          • Embedding malicious files in Images or PDF
          • Changing Trojans Icon
          • Spoofing file extensions
          • Microsoft Office Trojans
            • Word Macros
      • OS X Malware
        • Using Msfvenom
      • Linux Malware
        • Simple Backdoors
        • Embedding Evil Code in a Legitimate Linux Package
        • Backdooring An APK
      • Spying Software
      • Delivery methods
        • Gophish
        • Spoofing Emails
          • Setting Your Own SMTP server
        • Creating Fake Login Website
        • Manipulating URL's
      • Make attacks outside the network
        • Ngrok
      • Social Engineering
      • Social Engineering by Cristopher hadnagy
    • 🕸️Web Pentesting
      • Web Basics
      • Information Gathering - Some One-liners
      • File Upload
      • Code Execution
      • Local File Inclusion
      • SQL Injection
      • XSS (Corss-site scripting)
      • CSRF (Cross-site requests forgery)
      • Discovering Vulnerabilities using OWASP ZAP
      • CMS
        • Wpscan
      • 🕷️OWASP Testing Guide
      • 📒Bug Bounty Checklist
    • 📡Wireless Pentesting
      • Wi-Fi Network Fundamentals
        • Basic Terminologies and Concepts
      • De-authentication
      • Disassociation Packets
      • Beacon Flooding
      • Authentication Denial-Of-Service
      • SSID Probing and Bruteforcing
      • EAPOL Start and Logoff Packet Injection
      • Attacks for IEEE 802.11s mesh networks
      • WIDS Confusion
      • WEP
        • Caffe-Latte
      • WPA/WPA2 - PSK
        • Handshake Capture
        • WPA Cracking
        • Resources
      • Evil Twin Attacks
        • WifiPumpkin3
          • Creating a fake access point
          • Using captive portal attack
          • Pulp scripts
      • WI-FI Pentesting Guide
      • Wifi Hacking Using Windows CMD
    • 🔥Binary Explotation
      • Assembly for Reverse Engineering
      • Reversing
    • 🏃‍♂️Pivoting & Port-forwarding
      • Chisel
      • SSH
      • Socat
      • plink
      • sshuttle
      • Pivoting Bash Scripts
    • 📱Mobile Application Pentesting
      • Android Hacking Methodology
      • Mobile Application CheatSheet
      • Android Penetration Testing
    • 🦾Arduino
    • 🌐External Pentesting
      • External Pentesting
  • Gadgets
    • 📇Proxmark3
      • Attacking MIFARE Classic 1KB
    • 📡SDR Hacking
      • Hardware
      • Using RTL-SDR
      • DragonOS
    • 🍍WI-FI Pineapple
      • Evil Portals
  • 🚩Resources
    • 🐙Extras
      • Drone Hacking
      • Password Cracking with Rules and Munging
      • Game Hacking
      • Carding
      • Personal Security Checklist
    • 🟦Metasploit
      • Metasploit Modules
    • rc Personal Config (.bashrc && .zshrc)
    • WADCOMS
    • GTFOBins
    • LOLBAS
    • Devhints
    • Weakpass
    • Revshells
    • 📑Pentesting Reports Repo
Powered by GitBook
On this page
  • Examples of CSRF
  • Example CSRF changing password through a link
  1. Everything About and Notes
  2. Web Pentesting

CSRF (Cross-site requests forgery)

PreviousXSS (Corss-site scripting)NextDiscovering Vulnerabilities using OWASP ZAP

Last updated 1 year ago

  • Requests are not validated at the server side

  • server does not check if the user generated the request

  • Requests can be forged and sent to users to make them do things that they don't want to do.

Examples of CSRF

  • We see that the Changing password form is not verifying if the user wants to do the following action.

  • To start exploiting this we need to copy the "new password form" to paste it on our machine and start playing with it.

Above we can see that we are executing successfully CSRF file, now if we change the first action parameter to the URL of the web page where is this exact same form the data that the user inputs will be redirected to the site, and the password will be changed.

Example CSRF changing password through a link

  • Here we can see that making some changes to the form and start an Apache web server to load the csrf.html, we can make a user to click on it and its password will be changed.

Code example: csrf.html

<form id=form1 action="http://192.168.1.1/dvwa/vulnerabilities/csrf/" method="GET"><br>

    <input type="hidden" autocomplete="off" name="password_new" value="666666">
    <input type="hidden" autocomplete="off" name="password_conf" value="666666">
    <input type="hidden" value="Change" name="Change">
    </form>

<script>document.getElementById('form1').submit();</script>
🕸️