51d40b7b22
- New files added: XMLInjection.html, XMLInjection.java and XMLInjection/EmployeesData.xml git-svn-id: http://webgoat.googlecode.com/svn/trunk@33 4033779f-a91e-0410-96ef-6bf7bf53c507
28 lines
1.7 KiB
HTML
28 lines
1.7 KiB
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b> Cross Site Request Forgery. </p>
|
|
</div>
|
|
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
This lesson teaches how to perform Cross Site Request Forgery (CSRF) attacks.
|
|
<br>
|
|
<div align="Left">
|
|
<p>
|
|
<b>How the attacks works:</b>
|
|
</p>
|
|
Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page that contains img links like the one below:
|
|
|
|
<pre><img src="<a href="http://www.mybank.com/transferFunds.do?acctId=123456" class='external free' title="http://www.mybank.com/transferFunds.do?acctId=123456" rel="nofollow">http://www.mybank.com/sendFunds.do?acctId=123456</a>"/></pre>
|
|
|
|
When the victim's browser attempts to render this page, it will issue a request to www.mybank.com to the transferFunds.do page with the specified parameters. The browser will think the link is to get an image, even though it actually is a funds transfer function.
|
|
|
|
The request will include any cookies associated with the site. Therefore, if the user has authenticated to the site, and has either a permanent cookie or even a current session cookie, the site will have no way to distinguish this from a legitimate user request.
|
|
|
|
In this way, the attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, or any other function provided by the vulnerable website
|
|
</div>
|
|
<p><b>General Goal(s):</b> </p>
|
|
<!-- Start Instructions -->
|
|
* Your goal is to send an email to a newsgroup.<br>
|
|
* Try to include a 1x1 pixel image that includes a URL that transfers funds to your account.<br>
|
|
* Whoever receives this email and happens to be authenticated at that time will be a victim.
|
|
<!-- Stop Instructions -->
|