CSRF Account Takeover Tutorial
This post was published by Vulnerables on his Medium blog and is republished here as a contributor post on our blog. Note that the post is written by Vulnerables, and any mistakes in the writing are his alone. We allow anyone to write content on our blog as a guest/contributor so that others can learn too. If you are interested in sharing your findings through our platform, just sign up on the blog and you can post freely.
Today I am explaining a CSRF account takeover, both automated and manual. This is the second CSRF vulnerability that led to a full account takeover, and since it has been patched, we decided to share the PoC as well. When an anti-CSRF token is implemented, the website includes a randomly generated number or token in every page it serves to you, and that token is impossible for an attacker to guess. It differs each time any page is served to anybody, so an attacker cannot construct a valid request because the token would be wrong.
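The anti-CSRF token mechanism described above, as an added example that is not part of the original post and not openmenu.com's code: a minimal synchronizer-token handler for an account-settings form, using a constructed in-memory session dict, that accepts the same-origin submit and rejects a replayed token and the token-less submit that a generated open.html would produce.

```python
import hmac
import secrets

# Synchronizer-token pattern for an account-settings form (added illustration,
# not openmenu.com's code). `session` is a dict standing in for the server-side
# session that the browser's session cookie points to.
TOKEN_FIELD = "csrf_token"


def render_settings_form(session):
    """Serve the page: mint a fresh single-use token and remember it server-side."""
    token = secrets.token_urlsafe(32)
    session.setdefault("csrf_tokens", set()).add(token)
    # Emitted as a hidden input; only a page served to this user ever sees it.
    return {"action": "/account/settings", "hidden": {TOKEN_FIELD: token}}


def _consume_token(session, submitted):
    """True only if `submitted` was issued to this session; each token is
    single-use, so a value captured once cannot be replayed."""
    if not submitted:
        return False
    issued = session.get("csrf_tokens", set())
    for token in list(issued):
        if hmac.compare_digest(token.encode(), str(submitted).encode()):
            issued.discard(token)  # constant-time compare above, then burn it
            return True
    return False


def update_settings(session, account, form):
    """Handle the POST. The browser attaches the session cookie even to a
    cross-site request, but a forged form cannot supply the token."""
    if not _consume_token(session, form.get(TOKEN_FIELD)):
        return 403, "CSRF token missing or invalid"
    for field in ("email", "password"):
        if field in form:
            account[field] = form[field]
    return 200, "settings saved"


def demo():
    """Legitimate submit, a replay, and a forged open.html-style submit (constructed data)."""
    session, account = {}, {"email": "victim@example.com", "password": "old"}
    page = render_settings_form(session)
    legit = update_settings(session, account, {"email": "me@example.com", **page["hidden"]})
    replay = update_settings(session, account, {"email": "x@example.com", **page["hidden"]})
    forged = update_settings(session, account, {"email": "attacker@example.com"})
    return {"legit": legit, "replay": replay, "forged": forged, "email": account["email"]}
```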
Vulnerability: CSRF/XSRF (Cross-Site Request Forgery)
OWASP Testing Guide reference: OTG-SESS-005
Cross-Site Request Forgery (Patched)
- The vulnerable website is https://openmenu.com
- Create two accounts, "csrf attacker" (Mozilla Firefox) and "csrf victim" (Chrome); you can also test it with a single account.
- Open any web proxy tool and turn intercept on to catch the profile-change request.
- After logging in to both accounts in the two browsers, go to account settings in Firefox, fill in the mandatory fields and click Save Changes. (Pic below)
- The form can be exploited both manually and automatically, and this PoC explains both methods. For more detailed exploitation steps, see the video.
- Right-click the intercepted request, select Engagement tools and click 'Generate PoC request'. Copy the HTML and save it as open.html.
- Change the email ID in the HTML if you want to take over the account via its email.
- In a new tab in Chrome, open open.html and click Submit request; the victim's account will now have its email/password changed. To cross-verify, refresh the first tab.
- Below is the video PoC.
Thank you for reading the CSRF Account Takeover (Automated/Manual) write-up. More bug bounty write-ups are coming soon. Stay with us and follow us on social networks to get notifications. If you are a new bug hunter or web penetration tester, this blog will help you. Please also share this post with your friends. Happy hunting, keep smiling.
Author: Md Hridoy
Copyright By © Bug Bounty TuT