In the previous article we discussed how to bypass low-level security when a web application server suffers from cross-site request forgery (CSRF). Today we will see how to exploit a web application server with a CSRF attack when the security level is raised, that is, set to medium, and try to change the admin's password without his permission.
Let’s start!!!
Again I have targeted DVWA for this tutorial; by default the credentials set for it are admin: password. As you can see, I have used them to log in to DVWA.
Set the security level to medium and select cross site request forgery as the current vulnerability. Here you see that text fields are given for changing the password held in the database for user admin.
If you remember, in the previous article we executed the csrf.html file to change the password for admin when the security level was low.
In the following screenshot you can see I have given value= “hacker” as the new password and the confirm password.
Now I am going to test whether the same csrf.html file is capable of changing the password for admin when the security level is medium. From the screenshot you can see that I try to execute the csrf.html file, which might reset the password.
As a result, you can see I did not succeed in bypassing medium security using csrf.html and got the error message “that request didn’t look correct”. Hence the technique we used at the low security level fails at the medium security level.
Sometimes a web application server may have more than one vulnerability in it. This can be a big advantage, because by making use of another vulnerability we can get our malicious file executed through it.
Now, first of all, change csrf.html into a csrf.php file, then set the security level to low and switch to the file upload vulnerability inside DVWA.
Here the HTML form from above, now saved as csrf.php, is successfully uploaded to the server, as you can see from the given screenshot.
Now browse to the path 192.168.1.102:81/dvwa/hackable/uploads/csrf.php in the URL bar to execute the csrf.php file and click on the change button.
GREAT!!!
From the screenshot you can see that, without admin's permission, we have successfully changed his password.
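
The rejection of csrf.html and the acceptance of the uploaded csrf.php are what a Referer-based origin check produces, which is how DVWA's medium level decides whether a request "looks correct". The sketch below is an added example, not code from the original article or from DVWA itself: it contrasts a Referer-substring check with a per-session anti-CSRF token, which a form served from the same host cannot supply. The function names, the other-site.example origin and the genuine form's URL are constructed for illustration.

```php
<?php
// Weak check (assumed model): accept when the Referer header merely
// contains the server name. Any page hosted on the same server passes.
function referer_check(array $server): bool {
    return isset($server['HTTP_REFERER'])
        && stripos($server['HTTP_REFERER'], $server['SERVER_NAME']) !== false;
}

// Hardened check: a random per-session token that the genuine form embeds
// and the server compares in constant time.
function issue_token(array &$session): string {
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

function token_check(array $session, array $request): bool {
    return isset($session['csrf_token'], $request['csrf_token'])
        && is_string($request['csrf_token'])
        && hash_equals($session['csrf_token'], $request['csrf_token']);
}

// Constructed sample requests (hypothetical, for illustration only).
$session = [];
$token   = issue_token($session);
$host    = '192.168.1.102';
$cases = [
    'form on another origin' => [
        ['SERVER_NAME' => $host, 'HTTP_REFERER' => 'http://other-site.example/csrf.html'],
        [],
    ],
    'uploaded file, same host' => [
        ['SERVER_NAME' => $host, 'HTTP_REFERER' => "http://$host:81/dvwa/hackable/uploads/csrf.php"],
        [],   // the uploaded form has no way to know the session token
    ],
    'genuine change-password form' => [
        ['SERVER_NAME' => $host, 'HTTP_REFERER' => "http://$host:81/dvwa/vulnerabilities/csrf/"],
        ['csrf_token' => $token],
    ],
];

foreach ($cases as $name => [$server, $request]) {
    printf("%-30s referer=%s token=%s\n", $name,
        referer_check($server) ? 'pass' : 'fail',
        token_check($session, $request) ? 'pass' : 'fail');
}
```

Only the genuine form passes the token check, while the Referer check also accepts the uploaded file. Closing the upload flaw so that user-supplied files are never served as pages from the application's host removes the second vulnerability the bypass depends on.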
Now let’s verify. As we know, the previous credentials were admin: password; when I try to use them here, it shows that the login failed.
Further, when I try admin: hacker as the current credentials, I log in to DVWA successfully. This was all about the CSRF tutorial to bypass medium security in DVWA.