Pages

Sunday, June 19, 2011

DVWA - CSRF (High)

In this chance, I will share my experience about DVWA. I have tried to complete DVWA with high level but I'm still confused. I still not understand about the purpose from this problem. this is some picture I've done :


Picture above is a page from CSRF with high level.





that is source from CSRF with high level.



I'm still confused with the query.
SELECT password FROM `users` WHERE user='admin' AND password='$pass_curr';


I've tried to write that query on current password column, but appear warning 'Password did not match or current password is incorrect'. Then, I write that query in user-agent (after tamper data), but the result is same with trial being before.
Diposkan oleh jam
Label:

3 comments:

  1. secure xSeptember 2, 2011 at 1:24 PM

    try xss(get password) +csrf (privilaged access) with the stolen cookie (unencrypted in this case)

    ReplyDelete
  2. KokoSeptember 3, 2011 at 3:04 PM

    thank's for your suggest, but i'm still confuse about your suggest because i'm still newbie.

    ReplyDelete
  3. UnknownDecember 9, 2016 at 8:00 AM

    AJAX is required to get user_token in the CSRF code. You can use the Stored XSS page. Though written in Korean, http://webhack.dynu.net/?idx=20161208.003 may help you.

    ReplyDelete

Subscribe to: Post Comments (Atom)