
Sunday, June 19, 2011

DVWA - CSRF (High)

This time, I will share my experience with DVWA. I have tried to complete DVWA at the high level, but I'm still confused. I still do not understand the purpose of this problem. These are some pictures I took:


The picture above is the CSRF page at the high level.





That is the source of the CSRF page at the high level.



I'm still confused about the query.
SELECT password FROM `users` WHERE user='admin' AND password='$pass_curr';


I tried to write that query in the current password field, but the warning 'Password did not match or current password is incorrect' appeared. Then I wrote that query in the User-Agent (using Tamper Data), but the result was the same as in the previous attempt.
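
An added example (not from the original post and not DVWA's own source) of what a check like the query above does in a password-change handler: the request must carry the account's current password, and here also the `user_token` mentioned in the comments, so a forged request fails and SQL text typed into the field is just a wrong password. The table layout, the field names `password_current`, `password_new`, `password_conf` and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed data: an in-memory users table with one account.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)');
    $db->prepare('INSERT INTO users VALUES (?, ?)')
       ->execute(['admin', password_hash('old-secret', PASSWORD_DEFAULT)]);
    return $db;
}

// Hypothetical handler. $session stands in for $_SESSION, $req for the form.
function change_password(PDO $db, array $session, array $req): string {
    // 1. The anti-CSRF token must equal the value stored in the session.
    if (!hash_equals($session['user_token'], (string)($req['user_token'] ?? ''))) {
        return 'CSRF token is incorrect';
    }
    // 2. The submitted current password is only compared against the stored
    //    hash; it never becomes part of the SQL statement.
    $q = $db->prepare('SELECT password FROM users WHERE user = ?');
    $q->execute([$session['user']]);
    $hash = $q->fetchColumn();
    $new = (string)($req['password_new'] ?? '');
    if ($hash === false
        || !password_verify((string)($req['password_current'] ?? ''), $hash)
        || $new === '' || $new !== (string)($req['password_conf'] ?? '')) {
        return 'Password did not match or current password is incorrect';
    }
    $db->prepare('UPDATE users SET password = ? WHERE user = ?')
       ->execute([password_hash($new, PASSWORD_DEFAULT), $session['user']]);
    return 'Password changed';
}

$db = make_db();
$session = ['user' => 'admin', 'user_token' => bin2hex(random_bytes(16))];
$new = ['password_new' => 'n3w-secret', 'password_conf' => 'n3w-secret'];
$tok = ['user_token' => $session['user_token']];
$sql = "SELECT password FROM `users` WHERE user='admin' AND password='\$pass_curr';";

// Constructed requests: forged (no token), query text as password, legitimate.
$cases = [
    'forged'     => $new,
    'query text' => $new + $tok + ['password_current' => $sql],
    'legitimate' => $new + $tok + ['password_current' => 'old-secret'],
];
foreach ($cases as $name => $req) {
    echo str_pad($name, 11), ': ', change_password($db, $session, $req), PHP_EOL;
}
```

Only the last request changes the password; the second one returns the same warning quoted in the post.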

3 comments:

  1. Try XSS (get password) + CSRF (privileged access) with the stolen cookie (unencrypted in this case).

  2. Thanks for your suggestion, but I'm still confused about it because I'm still a newbie.

  3. AJAX is required to get user_token in the CSRF code. You can use the Stored XSS page. Though written in Korean, http://webhack.dynu.net/?idx=20161208.003 may help you.
