cyberhub.es

Category: CSRF

CSRF with broken Referer validation

Description: This lab’s email change functionality is vulnerable to CSRF. It attempts to detect and block cross domain requests, but the detection mechanism can be bypassed. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer’s email address. You can log in to […]

CSRF where Referer validation depends on header being present

Description: This lab’s email change functionality is vulnerable to CSRF. It attempts to block cross domain requests but has an insecure fallback. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer’s email address. You can log in to your own account using […]

SameSite Lax bypass via cookie refresh

Description: This lab’s change email function is vulnerable to CSRF. To solve the lab, perform a CSRF attack that changes the victim’s email address. You should use the provided exploit server to host your attack. The lab supports OAuth-based login. You can log in via your social media account with the following credentials: wiener:peter Note The […]

SameSite Strict bypass via sibling domain

Description: This lab’s live chat feature is vulnerable to cross-site WebSocket hijacking (CSWSH). To solve the lab, log in to the victim’s account. To do this, use the provided exploit server to perform a CSWSH attack that exfiltrates the victim’s chat history to the default Burp Collaborator server. The chat history contains the login credentials […]

SameSite Strict bypass via client-side redirect

Description: This lab’s change email function is vulnerable to CSRF. To solve the lab, perform a CSRF attack that changes the victim’s email address. You should use the provided exploit server to host your attack. You can log in to your own account using the following credentials: wiener:peter SameSite Strict bypass via client-side redirect writeup We will enter […]

SameSite Lax bypass via method override

Description: This lab’s change email function is vulnerable to CSRF. To solve the lab, perform a CSRF attack that changes the victim’s email address. You should use the provided exploit server to host your attack. You can log in to your own account using the following credentials: wiener:peter SameSite Lax bypass via method override writeup We will enter […]

CSRF where token is duplicated in cookie

Description: This lab’s email change functionality is vulnerable to CSRF. It attempts to use the insecure "double submit" CSRF prevention technique. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer’s email address. You can log in to your own account using the […]

CSRF where token is tied to non-session cookie

Description: This lab’s email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren’t fully integrated into the site’s session handling system. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer’s email address. You […]

CSRF where token is not tied to user session

Description: This lab’s email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren’t integrated into the site’s session handling system. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer’s email address. You have […]

CSRF where token validation depends on token being present

Description: This lab’s email change functionality is vulnerable to CSRF. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer’s email address. You can log in to your own account using the following credentials: wiener:peter CSRF where token validation depends on token being present […]
