Hello friends! Welcome to my twisted CSRF labs! These are the CSRF labs with some of the sweetest cheese but you will have to for it.
Here are some ground rules:
- 00.php is supposed to be safe, please report all issues to firstname.lastname@example.org
- You can always go to the file
- These challenges will get progressively harder
- You can always go back to The listing
CSRF Lab Exercise: Exploiting CSRF Vulnerability and Capturing the Flag
In this exercise, your task is to exploit a Cross-Site Request Forgery (CSRF) vulnerability and capture the flag. You will need to create a malicious webpage that makes the victim submit the form below without their knowledge.
Follow these steps to complete the exercise:
- Inspect the form below and understand the parameters it requires, especially the hidden CSRF token.
- Create a malicious webpage that automatically submits the form when loaded by the victim. Make sure to include the CSRF token in the form submission.
- Now, create another malicious webpage that automatically submits the form when loaded by the victim. Make sure to include the CSRF token but change it to a token of the same length in the form submission.
- Test your exploit. If successful, you should capture the flag.
- Enter the flag in the input field below to check if you captured the correct flag.
Remember: A successful CSRF attack needs to make the request indistinguishable from a legitimate user request. Good luck!