Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Bypass CSRF Medium Security in DVWA

0
0

In previous article we have discussed about how to bypass low level security if a web application server is suffering from cross site request forgery (CSRF). Today we will see how to exploit a web application server with CSRF attack if the security level get increased or say set to medium and try to change the password of admin without his permission.

Let’s start!!!

Again I have target DVWA for this tutorial and by default the credential set for it is admin: password . As you can see I have used them for login in DVWA


Bypass CSRF Medium Security in DVWA

Set security level medium select the bug cross site request forgery as current vulnerability. Here you see the text fields are given for changing the password of the database for user admin.


Bypass CSRF Medium Security in DVWA

If you remembered in the previous article we have executed csrf.html file to change the password for admin when security level is low.

In following screenshot you can see I have given value= “hacker” as new password and confirm password.


Bypass CSRF Medium Security in DVWA

Now I am going to test whether the same file csrf.html would be capable to change the password for admin when security level is medium . From screenshot you can see I try to execute csrf.html file which might reset the password.


Bypass CSRF Medium Security in DVWA

As result you can see I didn’t successes to bypass medium security using csrf.html and got an error message “ that request didn’t look correct ”. Hence the technique which we have used in low security will get failed in medium security level.


Bypass CSRF Medium Security in DVWA

Sometimes it might be possible that a web application server may have more than one vulnerabilities in it. It could be a big advantage because making use of other vulnerability we can perform an action to execute our malicious file through it.

Now first of all change csrf.html into csrf.php file, then set low security level and switch into file uploading vulnerability inside DVWA.

Here the above text file of html form is now saved as csrf.php is successfully uploaded in the server which you can see from given screenshot.


Bypass CSRF Medium Security in DVWA

Now browse the path 192.168.1.102:81/dvwa/hackable/uploads/csrf.php in URL to execute csrf.php file and click on change button.


Bypass CSRF Medium Security in DVWA

GREAT!!!

From screenshot you can see without admin permission we have successfully changed his password.


Bypass CSRF Medium Security in DVWA

Now let’s verify, as we know the previous credential was admin: password ; here when I try to use them it shows the login failed.


Bypass CSRF Medium Security in DVWA

Further when I try with admin: hacker as current credential, I login successfully inside DVWA. This was all about CSRF tutorial to bypass medium security in DVWA.


Bypass CSRF Medium Security in DVWA

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here


Viewing all articles
Browse latest Browse all 12749