- Updated a comment and removed some unused imports in HttpSplitting.java
- Added CSRF.html and CSRF.java git-svn-id: http://webgoat.googlecode.com/svn/trunk@26 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
27
webgoat/main/project/WebContent/lesson_plans/CSRF.html
Normal file
27
webgoat/main/project/WebContent/lesson_plans/CSRF.html
Normal file
@ -0,0 +1,27 @@
|
||||
<div align="Center">
|
||||
<p><b>Lesson Plan Title:</b> Cross Site Request Forgery. </p>
|
||||
</div>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b> </p>
|
||||
This lesson teaches how to Cross Site Request Forgery (CSRF) attacks.
|
||||
<br>
|
||||
<div align="Left">
|
||||
<p>
|
||||
<b>How the attacks works:</b>
|
||||
</p>
|
||||
Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page that contains img links like the one below:
|
||||
|
||||
<pre><img src="<a href="http://www.mybank.com/transferFunds.do?acctId=123456" class='external free' title="http://www.mybank.com/transferFunds.do?acctId=123456" rel="nofollow">http://www.mybank.com/sendFunds.do?acctId=123456</a>"/></pre>
|
||||
|
||||
When the victim's browser attempts to render this page, it will issue a request to www.mybank.com to the transferFunds.do page with the specified parameters. The browser will think the link is to get an image, even though it actually is a funds transfer function.
|
||||
|
||||
The request will include any cookies associated with the site. Therefore, if the user has authenticated to the site, and has either a permanent cookie or even a current session cookie, the site will have no way to distinguish this from a legitimate user request.
|
||||
|
||||
In this way, the attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, or any other function provided by the vulnerable website
|
||||
</div>
|
||||
<p><b>General Goal(s):</b> </p>
|
||||
<!-- Start Instructions -->
|
||||
* Your goal is to send an email to a newsgroup.<br>
|
||||
* Try to include a 1x1 pixel image that includes a URL that transfers funds to your account.<br>
|
||||
* Whoever receives this email and happens to be authenticated at that time will be a victim.
|
||||
<!-- Stop Instructions -->
|
Reference in New Issue
Block a user