PortSwigger Academy describes CSRF as:
“Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.”
To solve the lab, we need to craft an exploit that changes the user’s email address and upload it to our server. We already have an account on the vulnerable webapp, and we will use it for this purpose.
Also, this lab gives us access to an exploit server we need to use for this attack.
BurpSuite Pro edition has a CSRF generator feature that makes this easier to exploit, but it can still be done with the Community edition by crafting the exploit manually.
We use our account to make an email change request. We find this request in the HTTP history in BurpSuite and see that it contains no CSRF token, which suggests there is a CSRF vulnerability and that we can forge this request.
Without BurpSuite Pro, we can use the template that PortSwigger Academy provides in the vulnerability description. We need to modify the template’s ‘form action’ to point to the webapp’s email change address.
Once that is done, we deliver the exploit to a user.
The email is successfully changed and the lab is solved.
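The missing check that made this request forgeable, as an added example (not part of the original write-up or of the lab's code): an email-change handler that trusts the session cookie alone, next to one that also requires a session-bound token. The session id, account name, `csrf` field name and HMAC token scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: server secret, one logged-in session, one account.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-abc123": "alice"}         # session cookie value -> username
EMAILS = {"alice": "alice@example.test"}    # username -> current email

def csrf_token_for(session_id: str) -> str:
    """Token bound to the session: HMAC(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def change_email_vulnerable(cookies: dict, form: dict) -> int:
    """Authenticates on the session cookie alone, like the request in the lab."""
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return 401
    EMAILS[user] = form["email"]
    return 200

def change_email_hardened(cookies: dict, form: dict) -> int:
    """Same handler, but the form must also carry the session-bound token."""
    session_id = cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401
    expected = csrf_token_for(session_id)
    # Constant-time comparison; a missing or wrong token is rejected.
    if not hmac.compare_digest(form.get("csrf", "").encode(), expected.encode()):
        return 403
    EMAILS[user] = form["email"]
    return 200

def demo() -> dict:
    """Replay a cross-site request (cookie present, no token) and a same-site one."""
    cookies = {"session": "sess-abc123"}    # the browser attaches this automatically
    cross_site = {"email": "changed@example.test"}
    same_site = {"email": "new@example.test", "csrf": csrf_token_for("sess-abc123")}
    return {
        "vulnerable_cross_site": change_email_vulnerable(cookies, cross_site),
        "hardened_cross_site": change_email_hardened(cookies, cross_site),
        "hardened_same_site": change_email_hardened(cookies, same_site),
    }

if __name__ == "__main__":
    print(demo())
```

The cross-site request succeeds against the first handler because the cookie is all it checks; the second rejects it because a page on another origin cannot read the token it would need to include.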