Lesson Plan Title: CSRF User Prompt By-Pass


Concept / Topic To Teach:

This lesson teaches how a CSRF attack can bypass a user confirmation prompt.

How the attack works:

Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page that contains a 'forged request', so that a command is executed with the victim's credentials (the browser attaches the victim's session cookie automatically). Prompting the user to confirm or cancel the command might sound like a defense, but it can be bypassed if the prompt itself is scriptable, that is, if the confirmation is just another request that the attacker's page can issue. This lesson shows how such a prompt is bypassed by issuing a second forged request. The same idea applies to a series of prompts, such as a wizard, and to issuing multiple unrelated forged requests.

General Goal(s):

Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that contains multiple malicious requests: the first to transfer funds, and the second to confirm the prompt that the first request triggered. Each URL should point to the CSRF lesson with an extra parameter: "transferFunds=4000" for the first request and "transferFunds=CONFIRM" for the second. You can copy the shortcut from the left-hand menu by right-clicking the lesson entry and choosing "Copy Shortcut". Whoever receives this email and happens to be authenticated at that time will have their funds transferred. When you think the attack has succeeded, refresh the page and you will find the green check next to the lesson in the left-hand menu.
Note that the "Screen" and "menu" GET variables vary between WebGoat builds. Copying the menu link on the left gives you the current values.
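The following is an added example, not WebGoat's own code, modelling why the confirmation step in this lesson does not stop the attack and what does. It is a small in-memory version of a two-step transfer endpoint (amount, then CONFIRM) in two forms: a weak handler that, like the lesson target, trusts the session cookie alone, and a hardened handler that requires a POST carrying a per-session synchronizer token. The `Request`, `Session`, handler and sequence names, the starting balance, and the cookie value "victim" are all constructed for illustration; the "Screen" and "menu" parameters are not modelled.

```python
"""Why a scriptable confirm prompt does not stop CSRF, and what does.

Added illustration, not WebGoat code.  All names and values are constructed.
"""
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    """What the server sees: the browser attaches the session cookie to every
    request for the site, whether the page that triggered it was the bank's
    page or an attacker's page.  The cross-site page cannot read the cookie."""
    method: str
    params: dict
    cookie: Optional[str]


@dataclass
class Session:
    balance: int = 10000
    pending: Optional[int] = None
    # Synchronizer token: random, per session, rendered only into same-origin forms.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def _apply_transfer(session: Session, value: Optional[str]) -> str:
    """The two-step state machine shared by both handlers:
    transferFunds=<amount> records a pending transfer ("the prompt"),
    transferFunds=CONFIRM executes it."""
    if value == "CONFIRM":
        if session.pending is None:
            return "nothing to confirm"
        session.balance -= session.pending
        session.pending = None
        return "transferred"
    if value is not None and value.isdigit():
        session.pending = int(value)
        return "please confirm"
    return "bad request"


def weak_transfer(sessions: dict, req: Request) -> str:
    """Vulnerable pattern from the lesson: the cookie alone authorises both
    steps, and both are plain GETs, so any page the victim loads can drive
    the prompt and its confirmation."""
    session = sessions.get(req.cookie)
    if session is None:
        return "login required"
    return _apply_transfer(session, req.params.get("transferFunds"))


def hardened_transfer(sessions: dict, req: Request) -> str:
    """Mitigated: every state-changing step must be a POST that carries the
    session's token.  A forged request from another origin cannot include
    the token, so neither the transfer nor the confirmation can be scripted."""
    session = sessions.get(req.cookie)
    if session is None:
        return "login required"
    if req.method != "POST":
        return "method not allowed"
    supplied = req.params.get("csrf_token", "")
    if not secrets.compare_digest(supplied, session.csrf_token):
        return "invalid csrf token"
    return _apply_transfer(session, req.params.get("transferFunds"))


def forged_sequence(handler):
    """The lesson's two forged requests as the victim's browser emits them:
    cookie attached, no token (the attacker's page cannot read it).
    Returns (responses, final balance)."""
    sessions = {"victim": Session()}                       # constructed session
    reqs = [Request("GET", {"transferFunds": "4000"}, "victim"),
            Request("GET", {"transferFunds": "CONFIRM"}, "victim")]
    responses = [handler(sessions, r) for r in reqs]
    return responses, sessions["victim"].balance


def legitimate_sequence(handler):
    """The same two steps submitted from the bank's own form, which was
    rendered with the session token.  Returns (responses, final balance)."""
    sessions = {"victim": Session()}
    token = sessions["victim"].csrf_token
    reqs = [Request("POST", {"transferFunds": "4000", "csrf_token": token}, "victim"),
            Request("POST", {"transferFunds": "CONFIRM", "csrf_token": token}, "victim")]
    responses = [handler(sessions, r) for r in reqs]
    return responses, sessions["victim"].balance


if __name__ == "__main__":
    print("weak, forged:      ", forged_sequence(weak_transfer))
    print("hardened, forged:  ", forged_sequence(hardened_transfer))
    print("hardened, genuine: ", legitimate_sequence(hardened_transfer))
```

Against the weak handler the forged pair yields "please confirm" then "transferred" and the balance drops by 4000, which is exactly the lesson's outcome; against the hardened handler both forged requests are refused and the balance is unchanged, while the genuine token-bearing flow still works. Note that rejecting GET on its own is not a sufficient control, since a cross-site page can auto-submit a POST form; the token check is what ties the confirmation to a page the user actually loaded from the site. A `SameSite` attribute on the session cookie is a worthwhile additional layer but does not replace the token.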