LuciferAviSonicX

session 16: CSRF

Aug 9th, 2017
CSRF --> Cross Site Request Forgery
-----------------------------------
It happens when a user visits a website where he is an authenticated user. An attacker will send you a malicious script (a web page, web-based application or web form) which will get you to fill in your own details.

www.bank.in | www.moviesdownload.in

Username:
Password:
E-mail:
Credit Card Number:

please reset the password of moviesdownload.in
current password:
new password:
confirm password:

password will change at: www.bank.in

www.facebook.com
forgot password
email
mobile number

OTP Range --> 0000-9999
000000-999999
Brute Force attack

www.facebook.com --> 5+ OTP try --> 24 hours block

m.facebook.com --> 5+ OTP try --> 24 hours block

beta.facebook.com --> infinite try --> we won't block the account
1000$ --> facebook bug ----> 7,00,000
Black Market ---> 10 times
Obama hack ---> Hacked By Indian Hacker
Black list ---> unethical and illegal work

He promised that he will only use his knowledge for ethical hacking.

Banking sites --> Money transaction, paytm money transfer ---> wallet
CSRF --> Money amount ----> 500 ---> 5000
8979234509 ---> 8054503615

<html>
<body>
<!-- CSRF demo page from the session: submits a password change to the app on 127.0.0.1 -->
<form action="http://127.0.0.1/dv18/vulnerabilities/csrf/" method="GET">
<!-- this field has no name attribute, so the browser does not send it with the form -->
Enter credit card number<br><input type="text"> <br>
New password:<br>
<input autocomplete="off" name="password_new" type="password"><br>
Confirm new password: <br>
<input autocomplete="off" name="password_conf" type="password">
<br>
<input value="Change" name="Change" type="submit">
</form>
</body>
</html>
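
A server-side check that rejects the request the form above submits, added here as an example and not part of the original notes. The field names password_new, password_conf and Change come from the form; csrf_token, SERVER_KEY, TRUSTED_ORIGIN, the session id and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed for the demo; a real app keeps this key in server-side config.
SERVER_KEY = secrets.token_bytes(32)
TRUSTED_ORIGIN = "http://127.0.0.1"  # host of the form's action URL in the notes


def issue_token(session_id):
    """Token bound to the session; the real form carries it in a hidden field."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers):
    """Accept only requests whose Origin (or Referer) is our own site."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def check_password_change(method, headers, params, session_id):
    """Return (allowed, reason) for a password-change request."""
    if method != "POST":
        return False, "state change must use POST"
    if not same_origin(headers):
        return False, "cross-site request"
    sent = params.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, issue_token(session_id).encode()):
        return False, "missing or wrong CSRF token"
    new = params.get("password_new")
    if not new or new != params.get("password_conf"):
        return False, "passwords do not match"
    return True, "ok"


# Constructed requests: "forged" is what the form in the notes sends.
SESSION = "sess-1234"
forged = ("GET", {"Referer": "http://www.moviesdownload.in/reset"},
          {"password_new": "x", "password_conf": "x", "Change": "Change"})
legit = ("POST", {"Origin": "http://127.0.0.1"},
         {"password_new": "n3w", "password_conf": "n3w", "Change": "Change",
          "csrf_token": issue_token(SESSION)})

if __name__ == "__main__":
    for name, (m, h, p) in (("forged", forged), ("legit", legit)):
        print(name, check_password_change(m, h, p, SESSION))
```

The forged request fails at the first check because it arrives as GET; resent as POST it would still fail on the origin and token checks.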

Missing Function Level Access Control
-------------------------------------
www.xyz.com/admin/changePassword

www.xyz.com/rohit/changePassword

University
----> Vice Chancellor
----> Chancellor
----> Dean
----> HOD
----> Professor
----> Student

Unvalidated Redirects & Forwards
--------------------------------
I can visit each and every directory of the website without any authentication. I can visit and change the configuration of the system just by visiting the site's directory without any authorization.

www.xyz.com/index/who/php?id=something

www.hackKrLo.com

www.xyz.com/index/who/php?id=www.hackKrLo.com
will open www.hackkrlo.com --> I will ask the user for the juicy data.

XSS + unvalidated redirects & forwards --> big hack

netsparker