:blank: pass:[ +]

== Login CSRF attack

In a login CSRF attack, the attacker forges a login request to an honest site using the attacker’s username
and password at that site. If the forgery succeeds, the honest server responds with a `Set-Cookie` header
that instructs the browser to mutate its state by storing a session cookie, logging the user into
the honest site as the attacker. This session cookie is used to bind subsequent requests to the user’s session and hence
to the attacker’s authentication credentials. Login CSRF attacks can have serious consequences. For example,
in the picture below an attacker has created an account at google.com; the victim visits the malicious
website and is logged into google.com as the attacker. The attacker could then later on gather information about
the activities of the user.

{blank}

image::images/login-csrf.png[caption="Figure: ", title="Login CSRF from Robust Defenses for Cross-Site Request Forgery", width="800", height="500", style="lesson-image", link="http://seclab.stanford.edu/websec/csrf/csrf.pdf"]

{blank}

For more information, read the following http://seclab.stanford.edu/websec/csrf/csrf.pdf[paper].
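As an added illustration (not code from the WebGoat lesson or from the paper), the following Python model shows the two server-side defenses the paper describes applied to a login form: an `Origin` header check and a secret token bound to a pre-login cookie, so that a login POST forged from another site is rejected before any session cookie is issued. The origin `https://honest.example`, the cookie name `presession` and the form field `csrf_token` are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

SITE_ORIGIN = "https://honest.example"   # assumption: the honest site's own origin
SERVER_KEY = secrets.token_bytes(32)     # per-process secret used to bind tokens to cookies


def pre_session_token(pre_session: str) -> str:
    """Derive the form token from the pre-login cookie so the two must be presented together."""
    return hmac.new(SERVER_KEY, pre_session.encode(), hashlib.sha256).hexdigest()


def issue_login_form():
    """Server renders the login form: sets a pre-login cookie and embeds a token bound to it.

    Returns (response_headers, token_embedded_in_form)."""
    pre_session = secrets.token_hex(16)
    headers = {"Set-Cookie": f"presession={pre_session}; Secure; HttpOnly"}
    return headers, pre_session_token(pre_session)


def handle_login(headers: dict, cookies: dict, form: dict):
    """Decide whether a POST to the login endpoint came from our own login form.

    Returns (http_status, reason). The credential check itself is out of scope here;
    a real handler would only issue a fresh session cookie after this returns 200."""
    # Check 1: a POST launched from another site's page carries that page's Origin.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "origin mismatch"
    # Check 2: the token in the form must match the pre-login cookie the browser
    # sends with the request. Another site cannot read the victim's cookie, so a
    # token copied from its own earlier visit will not match the victim's cookie.
    pre_session = cookies.get("presession")
    if pre_session is None:
        return 403, "missing pre-session cookie"
    expected = pre_session_token(pre_session)
    if not hmac.compare_digest(expected, form.get("csrf_token", "")):
        return 403, "csrf token does not match pre-session cookie"
    return 200, f"login form accepted for {form.get('username', '')}"
```

The pre-login cookie is what makes the token useful here: an ordinary anti-CSRF token tied to the session cannot exist yet, because the victim has no session at the honest site before the login completes.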

In this assignment, try to see whether WebGoat is also vulnerable to a login CSRF attack. First create a user
based on your own username prefixed with `csrf-`. So if your username is `tom` you must create
a new user called `csrf-tom`.