CTF#2 Level 6

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex6.php

Description: It seems you have landed on a site that takes HTML tags for articles’ comments. You want to exploit this by making the users perform an action on the bank.php file in the root of site.com, if they are logged in there. You want users’ browsers to load that page and execute the query string transferTo with the number 555 as a parameter. Go ahead.

Vulnerability: A8 Cross-Site Request Forgery (CSRF)

Solution:

A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.

Allowed tags are b, em, p, i, u, s, img, a, abbr, cite and code.

I try the <a href> tag, but it is not working, so I use the <img> tag in the comment form:

 <img src="www.site.com/bank.php?transferTo=555">

I press the “Add Comment” button, then I pass to Level 7.
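To show why the image fetch above succeeds and what stops it, here is an added example (not the CTF's code; the endpoint and session model are constructed): a minimal model of bank.php beside a hardened version that only performs the transfer on a POST carrying a synchronizer token bound to the victim's session.

```python
import hmac
import secrets

# Constructed stand-in for the challenge's bank.php. The session dict plays the
# role of the server-side session the victim's cookie points at.


def issue_csrf_token(session: dict) -> str:
    """Bind a fresh random token to the session; the legitimate transfer form
    embeds it in a hidden field. A third-party <img> tag cannot read it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def bank_transfer_vulnerable(session: dict, method: str, params: dict) -> str:
    """The behaviour the level relies on: any request that arrives with a valid
    session cookie performs the transfer, even a GET issued by an image load."""
    if not session.get("user"):
        return "401 not logged in"
    return f"200 transferred to {params.get('transferTo')}"


def bank_transfer_hardened(session: dict, method: str, params: dict) -> str:
    """Same endpoint with two CSRF controls: state changes only on POST, and
    the submitted token must match the one stored in the session."""
    if not session.get("user"):
        return "401 not logged in"
    if method != "POST":
        return "405 state-changing request must be POST"
    expected = session.get("csrf_token")
    supplied = params.get("csrf_token", "")
    # Constant-time comparison on bytes so a non-ASCII value cannot raise.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "403 missing or invalid CSRF token"
    return f"200 transferred to {params.get('transferTo')}"


# Constructed sample: the victim is logged in, and their browser follows the
# comment's <img src="...bank.php?transferTo=555"> with a bare GET, no token.
VICTIM_SESSION = {"user": "alice"}
FORGED_IMG_REQUEST = ("GET", {"transferTo": "555"})


def demo() -> tuple:
    vuln = bank_transfer_vulnerable(VICTIM_SESSION, *FORGED_IMG_REQUEST)
    hard = bank_transfer_hardened(VICTIM_SESSION, *FORGED_IMG_REQUEST)
    token = issue_csrf_token(VICTIM_SESSION)  # what the real form would carry
    legit = bank_transfer_hardened(
        VICTIM_SESSION, "POST", {"transferTo": "555", "csrf_token": token})
    return vuln, hard, legit


if __name__ == "__main__":
    print(demo())
```

The forged request passes the vulnerable handler because the browser attaches the session cookie automatically; the hardened handler rejects it on method alone, and even a forged POST fails without the session-bound token.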


Resources and Tools
1. OWASP A8 Cross-Site Request Forgery (CSRF) – https://github.com/OWASP/railsgoat/wiki/A8-CSRF
