Sign in to follow this  
Followers 0
Naylor__

Vulnerability CSRF

By Naylor__ in Hacking Tutorials

Recommended Posts

Naylor__    1

Naylor__

What is a CSRF vulnerability ?

 

CSRF is an abbreviation which means Cross-Site Request Forgery, it is also called Sea-Surfing but also often XSRF.

This is a web authentication vulnerability.

This technique benefits from the trust of Web applications to its customers. The goal is to force the victim's browser to send an HTTP request without the knowledge of this user who is logged into his account (the session must be active). It will exploit this authentication and will allow to execute actions in a completely transparent way.

 

How to exploit ?

[hide]

 


  • When you send a HTTP request the url look like : www.victim.com/transfer.php?from=Unknown&to=Someone&amount=100 


  • this is the normal request When "Unknown" send 100 units to "Someone" .


  • To exploit this vulnerability the Unknown's sessions must be active on the website, then send him the same url.


  •  when he will click on it, the target website will send 100 unit again to "Someone".


  •  but if you hide the url with BBcode like that : (if you have an error it's normal the www.victim.com website doesn't exist) ImageCool.jpghe 


  • he will believe that he's opening a image but in reality you can see that, If you click on this link you will see that the url is www.victim.com/transfer.php?from=Unknown&to=Someone&amount=100 


  • so the "Unknown" one will send without knowing 100 unit to "Someone"


  • Because the url will say to the www.victim.com website to send 100 units to "Someone"that work only if the victim.com session of "Unknown" is open because if not, no website will understand the request.


  • (in general session keep open because of cookies)

[/hide]

Leave a like 20x20https://forum.exploit-zone.eu/uploads/emoticons/biggrin.png[/img]

 

 

LEECHER DIE IN HELL  :pepegun:

Share this post

Link to post
Share on other sites

Erblin0303    0

Erblin0303

can you make a tutorial sniffing private api broo

Share this post

Link to post
Share on other sites

Naylor__    1

Naylor__

can you make a tutorial sniffing private api broo

 

yes why not, i will make a second tuto on the csrf vulnerabilty, where we're gonna build a code to exploit automatically a csrf vuln on your website and anonymously

Share this post

Link to post
Share on other sites

ASD55    0

ASD55

You can also learn many things here,

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Sign in to follow this  
Followers 0
Go To Topic Listing