🥐Cross-site request forgery (CSRF)
CSRF allows an attacker to induce users to perform actions that they do not intend to perform
In a successful CSRF attack, the attacker causes the victim user to carry out an action unintentionally like changing the email address on their account, changing their password, or to make a funds transfer
since we do not have burp pro, we can use this repo to create our PoC: https://github.com/merttasci/csrf-poc-generator OR https://security.love/CSRF-PoC-Genorator/
Lab: CSRF vulnerability with no defenses
We see a "update email" field:
I capture the request of an email change:
I then go on the exploit server and write this code:
Last updated