27 lines
1.6 KiB
Plaintext
27 lines
1.6 KiB
Plaintext
:blank: pass:[ +]
|
||
|
||
== Login CSRF attack
|
||
|
||
In a login CSRF attack, the attacker forges a login request to an honest site using the attacker’s username
|
||
and password at that site. If the forgery succeeds, the honest server responds with a `Set-Cookie` header
|
||
that instructs the browser to mutate its state by storing a session cookie, logging the user into
|
||
the honest site as the attacker. This session cookie is used to bind subsequent requests to the user’s session and hence
|
||
to the attacker’s authentication credentials. Login CSRF attacks can have serious consequences, for example
|
||
see the picture below where an attacker created an account at google.com the victim visits the malicious
|
||
website and the user is logged in as the attacker. The attacker could then later on gather information about
|
||
the activities of the user.
|
||
|
||
{blank}
|
||
|
||
image::images/login-csrf.png[caption="Figure: ", title="Login CSRF from Robust Defenses for Cross-Site Request Forgery", width="800", height="500", style="lesson-image" link="http://seclab.stanford.edu/websec/csrf/csrf.pdf"]
|
||
|
||
{blank}
|
||
For more information read the following http://seclab.stanford.edu/websec/csrf/csrf.pdf[paper].
|
||
|
||
In this assignment try to see if WebGoat is also vulnerable for a login CSRF attack.
|
||
Leave this tab open and in another tab create a user based on your own username prefixed with `csrf-`.
|
||
So if your username is `tom` you must create a new user called `csrf-tom`.
|
||
|
||
Login as the new user. This is what an attacker would do using CSRF. Then click the button in the original tab.
|
||
Because you are logged in as a different user, the attacker learns that you clicked the button.
|