Help - Cross Site Request Forgery (CSRF)

About

CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing.

A successful CSRF exploit can compromise end user data and operations in the case of a normal user. If the targeted end user is the administrator account, this can compromise the entire web application.

This attack may also be called "XSRF", by analogy with "Cross-Site Scripting (XSS)", and the two are often used together.


Objective

Your task is to make the current user change their own password, without them knowing about their actions, using a CSRF attack.


Low Level

There are no measures in place to protect against this attack. This means a link can be crafted to achieve a certain action (in this case, changing the current user's password). Then, with some basic social engineering, have the target click the link (or just visit a certain page) to trigger the action.

Spoiler: ?password_new=password&password_conf=password&Change=Change.

Medium Level

For the medium level challenge, there is a check of where the request came from. The developer believes that if it matches the current domain, it must have come from the web application and can therefore be trusted.

It may be necessary to chain multiple vulnerabilities together to exploit this vector, such as reflected XSS.


High Level

In the high level, the developer has added an "anti Cross-Site Request Forgery (CSRF) token". In order to bypass this protection method, another vulnerability will be required.

Spoiler: e.g. JavaScript is executed on the client side, in the browser.

Impossible Level

In the impossible level, the challenge extends the high level and also asks for the current user's password. As this cannot be found out (only predicted or brute forced), there is no attack vector here.
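As an added illustration (not DVWA's own code), the following Python models the server-side checks described for each level so they can be tested against a same-site and a cross-site submission of the password form. It assumes the medium check compares the Referer host against the site name and the high and impossible checks use a per-session token; the hostname, form fields and requests are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_HOST = "dvwa.local"  # assumed hostname of the application (constructed)

def new_session():
    """Server-side session: the anti-CSRF token lives here, next to the user's password."""
    return {"user": "admin", "password": "password", "csrf_token": secrets.token_hex(16)}

def referer_is_local(headers):
    """Medium-level style check: accept only if the Referer host is exactly this site."""
    ref = headers.get("Referer")
    return ref is not None and urlsplit(ref).hostname == SITE_HOST

def token_is_valid(session, form):
    """High-level style check: the submitted token must equal the session token."""
    supplied = form.get("user_token", "")
    return hmac.compare_digest(supplied.encode(), session["csrf_token"].encode())

def change_password(level, session, headers, form):
    """Handle the password-change form; return True if changed, False if rejected."""
    if level == "medium" and not referer_is_local(headers):
        return False
    if level in ("high", "impossible") and not token_is_valid(session, form):
        return False
    if level == "impossible" and not hmac.compare_digest(
            form.get("password_current", "").encode(), session["password"].encode()):
        return False  # an attacker cannot supply a value only the user knows
    if form.get("password_new") != form.get("password_conf"):
        return False
    session["password"] = form["password_new"]
    if level in ("high", "impossible"):
        session["csrf_token"] = secrets.token_hex(16)  # fresh token for the next form
    return True

# Constructed requests: the spoiler's parameters sent from the site's own page and from an attacker page.
SAME_SITE = {"Referer": f"http://{SITE_HOST}/vulnerabilities/csrf/"}
CROSS_SITE = {"Referer": "http://attacker.example/"}
FORM = {"password_new": "password", "password_conf": "password", "Change": "Change"}

def run_demo():
    """Return, per level, whether a cross-site submission of FORM changes the password."""
    return {level: change_password(level, new_session(), CROSS_SITE, dict(FORM))
            for level in ("low", "medium", "high", "impossible")}

if __name__ == "__main__":
    for level, changed in run_demo().items():
        print(f"{level:10s} cross-site change {'succeeded' if changed else 'rejected'}")
```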

