doc
java
resources
scripts
tomcatconf
webapp
META-INF
WEB-INF
css
database
images
javascript
lesson_plans
English
AccessControlMatrix.html
BackDoors.html
BasicAuthentication.html
BlindSqlInjection.html
CSRF.html
ChallengeScreen.html
ClientSideFiltering.html
ClientSideValidation.html
CommandInjection.html
ConcurrencyCart.html
CrossSiteScripting.html
CsrfPromptByPass.html
CsrfTokenByPass.html
DBCrossSiteScripting.html
DBSQLInjection.html
DOMInjection.html
DOMXSS.html
DOS_Login.html
DangerousEval.html
Encoding.html
FailOpenAuthentication.html
ForcedBrowsing.html
ForgotPassword.html
HiddenFieldTampering.html
HowToWork.html
HtmlClues.html
HttpBasics.html
HttpOnly.html
HttpSplitting.html
InsecureLogin.html
JSONInjection.html
JavaScriptValidation.html
Lesson_Plan_Template.html
LogSpoofing.html
MultiLevelLogin1.html
MultiLevelLogin2.html
NewLesson.html
OffByOne.html
PasswordStrength.html
PathBasedAccessControl.html
Phishing.html
ReflectedXSS.html
RemoteAdminFlaw.html
RoleBasedAccessControl.html
SQLInjection.html
SameOriginPolicyProtection.html
SessionFixation.html
SilentTransactions.html
SoapRequest.html
SqlNumericInjection.html
SqlStringInjection.html
StoredXss.html
ThreadSafetyProblem.html
TomcatSetup.html
TraceXSS.html
UncheckedEmail.html
UsefulTools.html
WSDLScanning.html
WeakAuthenticationCookie.html
WeakSessionID.html
WelcomeScreeen.html
WsSAXInjection.html
WsSqlInjection.html
XMLInjection.html
XPATHInjection.html
German
de
en
ru
lesson_solutions
lessons
users
main.jsp
reportBug.jsp
sideWindow.jsp
webgoat.jsp
webgoat_challenge.jsp
.gitignore
README.txt
build.xml
pom.xml
webgoat for SQL Server.bat
webgoat.bat
webgoat.sh
webgoat_8080.bat
webscarab.bat
git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
39 lines
1.9 KiB
HTML
39 lines
1.9 KiB
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b>CSRF Token Prompt By-Pass</p><br/>
|
|
</div>
|
|
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
This lesson teaches how to perform CSRF attacks on sites that use tokens to mitigate CSRF attacks, but are vulnerable to CSS attacks.
|
|
<br>
|
|
<div align="Left">
|
|
<p>
|
|
<b>How the attacks works:</b>
|
|
</p>
|
|
<p>
|
|
Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into
|
|
loading a page that contains a 'forged request' to execute commands with the
|
|
victim's credentials. </p>
|
|
|
|
<p>Token-based request authentication mitigates these attacks. This technique
|
|
inserts tokens into pages that issue requests. These tokens are required to
|
|
complete a request, and help verify that requests are not scripted. CSRFGuard from OWASP uses
|
|
this technique to help prevent CSRF attacks.</p>
|
|
|
|
<p>However, this technique can be by-passed if CSS vulnerabilities exist on the same site.
|
|
Because of the same-origin browser policy, pages from the same domain can read content from
|
|
other pages from the same domain. </p>
|
|
|
|
</div>
|
|
<p><b>General Goal(s):</b> </p>
|
|
<!-- Start Instructions -->
|
|
Similar to the CSRF Lesson, your goal is to send an email to a newsgroup that contains a malicious
|
|
request to transfer funds. To successfully complete you need to obtain a valid request token.
|
|
The page that presents the transfer funds form contains a valid request token. The URL for the
|
|
transfer funds page is the same as this lesson with an extra parameter "transferFunds=main". Load
|
|
this page, read the token and append the token in a forged request to transferFunds. When you think
|
|
the attack is successful, refresh the page and you will find the green check on the left hand side menu.<br/>
|
|
<b>Note that the "Screen" and "menu" GET variables will vary between WebGoat builds. Copying the menu link on the left will give you the current values.</b>
|
|
<!-- Stop Instructions -->
|
|
|
|
|