XSRF (cross-site request forgery) is an exploit in which malicious scripts are transmitted from one site the user trusts in order to trigger undesirable operations on another trusted site where the user is authenticated. The trust between the user and the website is what gets exploited. Two demo PHP websites are used to demonstrate the attack: the user is authenticated with VulnBank, and a malicious script embedded in an IMG tag on the site vulnerable to XSRF transfers the victim's funds to the attacker's account.
XSRF In Action
How this works
The attacker knows that the victim trusts a particular site, here VulnBank, and finds out that its fund transfer operation can be invoked by loading a single URL once the victim is authenticated. He then finds another site the victim trusts which accepts user input and reflects it back whenever it finds an error in the input. So the attacker tries to inject an IMG tag that points to the fund transfer link, with attacker-crafted parameters appended. VulnSite reflects this back, the browser renders the IMG tag and, with it, requests the link. The attacker copies the VulnSite URL that carries the reflected IMG tag and sends it to the victim. Since the victim trusts VulnSite, he clicks it without hesitation. During the page load, money is transferred from the victim's account to the attacker's, and the victim is not even aware of it.
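The following is an added example, not code from the demo archive, that models the bank's transfer endpoint in Python so the defence can be shown next to the weakness described above. The vulnerable handler accepts any authenticated request, so the browser-issued GET behind a reflected IMG tag succeeds; the hardened handler requires POST, an Origin/Referer on the bank's own site, and a per-session synchronizer token that a cross-site page cannot read. The origin `http://bank.com`, the cookie name `PHPSESSID`, the session id `sess-victim`, the path `/transfer.php` and the client.com referer are all assumed values chosen for the demo, not taken from the page.

```python
"""Model of the VulnBank transfer endpoint with and without CSRF defences (added example)."""
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed origin of the demo bank site; a real deployment would read this from config.
SITE_ORIGIN = "http://bank.com"


@dataclass
class Request:
    method: str
    path: str
    params: dict                         # query string for GET, form body for POST
    cookies: dict                        # sent automatically by the browser for the bank's domain
    headers: dict = field(default_factory=dict)


def new_sessions():
    """Constructed server-side session store: one logged-in victim with a fresh CSRF token."""
    return {"sess-victim": {"user": "victim", "balance": 1000,
                            "csrf_token": secrets.token_hex(16)}}


def authenticate(req, sessions):
    """Resolve the session from the cookie; this is why a forged request looks 'logged in'."""
    return sessions.get(req.cookies.get("PHPSESSID"))


def vulnerable_transfer(req, sessions):
    """Cookie is the only check, and GET is accepted: exactly what an IMG src can trigger."""
    session = authenticate(req, sessions)
    if session is None:
        return 401, "login required"
    amount = int(req.params["amount"])
    session["balance"] -= amount
    return 200, f"sent {amount} to {req.params['to']}"


def same_site(origin):
    """Exact-origin match; a plain prefix test would let 'http://bank.com.evil' through."""
    return origin == SITE_ORIGIN or origin.startswith(SITE_ORIGIN + "/")


def hardened_transfer(req, sessions):
    session = authenticate(req, sessions)
    if session is None:
        return 401, "login required"
    # 1. State changes only over POST, so loading a URL (IMG src, link) cannot perform them.
    if req.method != "POST":
        return 405, "method not allowed"
    # 2. Origin (or Referer as fallback) must be the bank itself.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not same_site(origin):
        return 403, "cross-site request rejected"
    # 3. Synchronizer token bound to the session; compared in constant time.
    submitted = req.params.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"
    amount = int(req.params["amount"])
    session["balance"] -= amount
    return 200, f"sent {amount} to {req.params['to']}"


def forged_img_request():
    """Constructed: what the browser sends when a reflected IMG tag on client.com is rendered."""
    return Request("GET", "/transfer.php", {"to": "attacker", "amount": "500"},
                   {"PHPSESSID": "sess-victim"},
                   {"Referer": "http://client.com/search.php"})


def forged_post_request():
    """Constructed: a cross-site auto-submitted form; the browser sets Origin to the other site."""
    return Request("POST", "/transfer.php", {"to": "attacker", "amount": "500"},
                   {"PHPSESSID": "sess-victim"}, {"Origin": "http://client.com"})


def legit_form_request(sessions):
    """Constructed: the bank's own form, carrying the token it rendered into the page."""
    token = sessions["sess-victim"]["csrf_token"]
    return Request("POST", "/transfer.php",
                   {"to": "landlord", "amount": "500", "csrf_token": token},
                   {"PHPSESSID": "sess-victim"}, {"Origin": SITE_ORIGIN})


def run_demo():
    """Run each request against a fresh store; returns {scenario: (status, balance after)}."""
    results = {}
    for name, handler, make_req in [
        ("vulnerable_forged_get", vulnerable_transfer, lambda s: forged_img_request()),
        ("hardened_forged_get", hardened_transfer, lambda s: forged_img_request()),
        ("hardened_forged_post", hardened_transfer, lambda s: forged_post_request()),
        ("hardened_legit_post", hardened_transfer, legit_form_request),
    ]:
        sessions = new_sessions()
        status, _ = handler(make_req(sessions), sessions)
        results[name] = (status, sessions["sess-victim"]["balance"])
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: status={outcome[0]} balance={outcome[1]}")
```

Only the bank's own form passes all three checks; the forged GET fails on the method, and a forged POST fails on origin and would still fail on the token even if the origin check were absent, which is why the token is the check to keep when the others cannot be relied on (older browsers stripping Referer, for instance).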
Download Files
Note: this is the updated code; what you see in the video is an older version, but it will get you started.
Files in the Archive

Instructions
- Update the database config section in connect.php in the root folder.
- Once done, load the SQL in the root folder and in the client.com and bank.com folders.
- Then access bank.com and client.com in two different browsers (or tabs).
- Note the balance in ‘bank.com’.
- Execute the XSRF script in ‘client.com’.
- Check the new balance in ‘bank.com’.
More Info
- cgisecurity
- Wikipedia
- OWASP
- XSRF Animated Movie
| XSRF Demo Info | |
|---|---|
| App Name | XSRF Demo |
| License | free |
| Type | code |
| App URL | |
| More Info | link |