[root:~]# CSRF=$(curl -s -c dvwa.cookie 192.168.1.33/DVWA/login.php | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2)
[root:~]# curl -s -i -b dvwa.cookie -d "username=admin&password=password&user_token=${CSRF}&Login=Login" 192.168.1.33/DVWA/login.php
HTTP/1.1 302 Found
Date: Thu, 15 Oct 2015 20:32:34 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1h PHP/5.4.31
X-Powered-By: PHP/5.4.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: index.php
Content-Length: 0
Content-Type: text/html
[root:~]#
[root:~]# curl -s -i -b dvwa.cookie -d "username=admin&password=password&user_token=${CSRF}&Login=Login" 192.168.1.33/DVWA/login.php | grep Location
Location: index.php
[root:~]# curl -s -i -b dvwa.cookie -d "username=admin&password=incorrect&user_token=${CSRF}&Login=Login" 192.168.1.33/DVWA/login.php | grep Location
Location: login.php
[root:~]#