
CSRF

Objective

Your task is to make the current user change their own password, without them knowing about their actions, using a CSRF attack.

Security Level: Low

There are no measures in place to protect against this attack. This means a link can be crafted to achieve a certain action (in this case, changing the current user's password). Then, with some basic social engineering, have the target click the link (or just visit a certain page) to trigger the action. Spoiler: ?password_new=password&password_conf=password&Change=Change.

Let's click on the Test Credentials button and enter "password" as the password.

We can now change the password to any other value, say password123, and intercept the request using Burp Suite.

As we can see, the new password and its confirmation are sent as parameters in the URI of a GET request.

We can now send this URI to a victim to have their password changed.

http://10.0.4.5/DVWA/vulnerabilities/csrf/?password_new=password123&password_conf=password123&Change=Change

Security Level: Medium

For the medium level challenge, there is a check to see where the last requested page came from. The developer believes that if it matches the current domain, it must have come from the web application, so it can be trusted. It may be required to chain multiple vulnerabilities to exploit this vector, such as reflected XSS.

Let's intercept the request in Burpsuite again.

We can see that the Referer header has the same domain as the one we are on, i.e. DVWA/vulnerabilities/csrf/.

As the hint suggests, we are going to need to use the reflected XSS vulnerability to exploit this level.
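To show what the low and medium levels above are missing, here is an added example (not DVWA's own code, written in Python rather than PHP) of how a password-change handler should validate a request: refuse state changes over GET, compare the parsed Origin/Referer host against the server host rather than doing a substring match (assumed here to be the kind of check the medium level relies on), and require a per-session CSRF token. The host 10.0.4.5 is the one from this page; the form field name csrf_token and the request dictionaries are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Host of the DVWA instance used on this page (constructed test value).
SERVER_HOST = "10.0.4.5"

def same_origin(headers, server_host=SERVER_HOST):
    """True only if the Origin (or, failing that, Referer) hostname equals
    the server host. Parsing the URL avoids the substring pitfall where a
    foreign URL that merely contains the host name would be accepted.
    A request with neither header is treated as cross-site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    return urlsplit(source).hostname == server_host

def new_csrf_token(session):
    """Mint a per-session token; the form embeds it and the handler checks it."""
    session["csrf_token"] = secrets.token_hex(16)
    return session["csrf_token"]

def validate_change_password(method, headers, form, session):
    """Return 'ok' or the reason the password change is refused."""
    # A state change reachable by a plain URL (as on the low level) is the
    # root problem: anything that can make the browser fetch it succeeds.
    if method != "POST":
        return "rejected: state change must be a POST, not a GET URL"
    if not same_origin(headers):
        return "rejected: request did not originate from this site"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; a missing session token also fails.
    if not expected or not hmac.compare_digest(expected, supplied):
        return "rejected: missing or invalid CSRF token"
    if form.get("password_new") != form.get("password_conf"):
        return "rejected: passwords do not match"
    return "ok"

def demo():
    """Run the page's crafted GET URL and a proper form POST through the check."""
    session = {}
    token = new_csrf_token(session)
    crafted = validate_change_password(
        "GET", {"Referer": "http://10.0.4.5/DVWA/vulnerabilities/csrf/"},
        {"password_new": "password123", "password_conf": "password123"}, session)
    legit = validate_change_password(
        "POST", {"Origin": "http://10.0.4.5"},
        {"password_new": "p", "password_conf": "p", "csrf_token": token}, session)
    return crafted, legit
```

Note that a same-origin Referer alone never satisfies this handler; the token is what ties the request to the user's own form submission.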