Description: It seems you have landed on a site that takes HTML tags for article’s comments. You want to exploit this by making the users perform an action on the bank.php file in the root of site.com, if they are logged in there. You want users’ browsers to load that page and execute the query string transferTo with the number 555 as a parameter. Go ahead.
Vulnerability: A8 Cross-Site Request Forgery (CSRF)
You would need to use either the img or the a tag.
The <a> tag would not execute each time the page is opened, but only each time the user clicks on it, so the <img> tag is your best bet.
A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.
Allowed tags are b, em, p, i, u, s, img, a, abbr, cite and code.
I tried the <a href> tag, but it was not working, so I used the <img> tag in the comment form.
I pressed the “Add Comment” button and then passed to Level 7.
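The level works because bank.php acts on a plain GET that carries only the session cookie. The following added example (not part of the original walkthrough or the challenge's code) models that endpoint beside a hardened version; the function names and the csrf_token parameter are assumptions.

```python
import hmac
import secrets

# Model of the challenge's bank.php endpoint. Function names and the
# csrf_token parameter are assumptions made for this example.

def new_session(user):
    """Logged-in session holding a random per-session CSRF token."""
    return {"user": user, "csrf_token": secrets.token_hex(32)}

def vulnerable_transfer(method, params, session):
    """Trusts any request that arrives with a valid session cookie."""
    if session is None:
        return 401, "not logged in"
    return 200, "transferred to " + str(params.get("transferTo"))

def hardened_transfer(method, params, session):
    """Allows the transfer only via POST with the session's CSRF token."""
    if session is None:
        return 401, "not logged in"
    if method != "POST":
        # An <img> or <a> tag can only make the browser issue a GET.
        return 405, "state-changing requests must use POST"
    supplied = str(params.get("csrf_token", "")).encode()
    expected = session["csrf_token"].encode()
    if not hmac.compare_digest(supplied, expected):
        return 403, "missing or invalid CSRF token"
    return 200, "transferred to " + str(params.get("transferTo"))

def simulate():
    """Replay constructed requests against both handlers; return status codes."""
    session = new_session("victim")
    # Constructed: the GET a browser sends while rendering the comment's image.
    forged_get = ("GET", {"transferTo": "555"})
    # Constructed: a POST that carries the cookie but not the token.
    tokenless_post = ("POST", {"transferTo": "555"})
    # Constructed: the bank's own form, which embeds the token.
    own_form = ("POST", {"transferTo": "555", "csrf_token": session["csrf_token"]})
    return {
        "vulnerable_forged_get": vulnerable_transfer(*forged_get, session)[0],
        "hardened_forged_get": hardened_transfer(*forged_get, session)[0],
        "hardened_tokenless_post": hardened_transfer(*tokenless_post, session)[0],
        "hardened_own_form": hardened_transfer(*own_form, session)[0],
    }

if __name__ == "__main__":
    for name, status in simulate().items():
        print(name, status)
```

Only the request that includes the per-session token succeeds against the hardened handler; the image-triggered GET is refused before the token is even checked.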
Resources and Tools
1. OWASP A8 Cross-Site Request Forgery (CSRF) – https://github.com/OWASP/railsgoat/wiki/A8-CSRF