
Wednesday, August 17, 2011

WebGoat - CSRF

Solution:

Attack process:
As shown in the following picture:
1st, the victim has authenticated with the web server.
2nd, at the same time, the attacker sends a malicious link to fool the victim into clicking it.
3rd, if the victim clicks the malicious link, the transfer happens silently in the background.

In this case, we just post a message with malicious code:

Title: my new picture
Message: <img src="http://192.168.235.134/WebGoat/attack?Screen=13&menu=900&transferFunds=4000" height=0 width=0 />

If the victim clicks the title (my new picture), the transfer is triggered.
The victim's browser tries to load the image file (height=0 and width=0 make the picture invisible), and in doing so it sends a forged request to the URL in the "src" attribute, with the victim's authentication info attached automatically.
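To show what stops this forged request on the server side, here is an added example (not WebGoat's code). It models the transfer endpoint with three defences: refusing to change state on GET (the hidden <img> can only produce a GET), checking Origin/Referer, and requiring a per-session synchronizer token. The Request/session model, check_transfer(), forged_request(), legitimate_request() and the JSESSIONID/csrf_token names are assumptions made for illustration; the URL and its parameters are the ones from the lesson above.

```python
"""Server-side defences against the forged transfer request described above.

Added example, not WebGoat's own code. The request/session model and the
function and parameter names are assumptions; the transfer URL and its
parameters come from the lesson.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple
from urllib.parse import parse_qs, urlparse

SITE_ORIGIN = "http://192.168.235.134"  # origin of the application in the lesson


@dataclass
class Request:
    """Minimal model of an HTTP request as the server sees it (assumption)."""
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)

    def params(self) -> Dict[str, str]:
        # query-string parameters merged with the POST body (body wins)
        query = {k: v[0] for k, v in parse_qs(urlparse(self.url).query).items()}
        return {**query, **self.form}


# session id -> user name and the CSRF token issued to that session
SESSIONS: Dict[str, Dict[str, str]] = {}


def new_session(user: str) -> str:
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_hex(32)}
    return sid


def check_transfer(req: Request) -> Tuple[bool, str]:
    """Return (accepted, reason). Every check must pass before money moves."""
    sess = SESSIONS.get(req.cookies.get("JSESSIONID", ""))
    if sess is None:
        return False, "not authenticated"
    # An <img src=...> can only cause a GET: never change state on GET.
    if req.method != "POST":
        return False, "state-changing request must use POST"
    # Browsers add Origin (or Referer) to cross-site POSTs; it must be our own site.
    # Note: this check alone does not help here, because the forged content is
    # stored on the same site (the forum message), so its Referer is ours too.
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source:
        return False, "missing Origin/Referer"
    parsed = urlparse(source)
    if f"{parsed.scheme}://{parsed.netloc}" != SITE_ORIGIN:
        return False, "cross-site request"
    # Synchronizer token: a per-session secret that only the real transfer form carries.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf_token"]):
        return False, "missing or wrong CSRF token"
    amount = req.params().get("transferFunds", "0")
    return True, f"transfer {amount} for {sess['user']}"


def forged_request(victim_sid: str) -> Request:
    """Constructed: what the victim's browser sends when it loads the hidden <img>
    from the lesson. A GET to the src URL, carrying the victim's session cookie,
    with the (same-origin) forum page as Referer."""
    return Request(
        method="GET",
        url="http://192.168.235.134/WebGoat/attack?Screen=13&menu=900&transferFunds=4000",
        headers={"Referer": "http://192.168.235.134/WebGoat/attack?Screen=13&menu=900"},
        cookies={"JSESSIONID": victim_sid},
    )


def legitimate_request(sid: str, amount: str) -> Request:
    """Constructed: the POST the real transfer form submits, token included."""
    return Request(
        method="POST",
        url="http://192.168.235.134/WebGoat/attack?Screen=13&menu=900",
        headers={"Origin": SITE_ORIGIN},
        cookies={"JSESSIONID": sid},
        form={"transferFunds": amount, "csrf_token": SESSIONS[sid]["csrf_token"]},
    )


if __name__ == "__main__":
    victim = new_session("victim")
    print(check_transfer(forged_request(victim)))          # rejected: GET
    print(check_transfer(legitimate_request(victim, "4000")))  # accepted
```

The order of the checks matters for this lesson: because the attacker's message is stored on the same site, the Origin/Referer check would let the forged request through, and it is the GET refusal plus the session-bound token that actually stop it. Escaping user-supplied HTML when rendering forum messages would also keep the <img> from being emitted at all.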



1 comment:

  1. Great article, it explains CSRF without getting too stuck in the weeds.