Assume that there is a function in a web application that allows users to change their
current email address to a new one.
The following is an example of an HTTP POST request that will be sent to the vulnerable
web application when the user tries to perform the email change action:
POST usr/emailchange.php HTTP/1.1
Host: example.com
Connection: Keep-Alive
Cookie: session=abcwsdagePkBZzeR9hGhTlvxyHfsZf1
The following is the parameter for the email in the POST request:
Form Data
email=example@utas.edu.au
(a) Design a CSRF attack to exploit the existing vulnerability by creating an HTML
page with the required method, URL, parameters and action to change the email
when the victim hits the URL of this webpage. Assume that there are no prevention
techniques implemented.
(b) What will happen if the victim hits your code in (a) when he/she is already
authenticated?
(c) What will happen if the victim hits your code in (a) when he/she is not already
authenticated?
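
Added example (not part of the original question or its solution): a server-side view of cases (b) and (c), modelled in Python rather than the PHP the URL implies, with a token-checking handler beside the cookie-only one for contrast. The user name alice, the handler names, the forged address, the csrf_token field and the redirect-to-login response are hypothetical, and the session cookie is assumed to carry no SameSite restriction.

```python
import hmac
import secrets

SESSION_ID = "abcwsdagePkBZzeR9hGhTlvxyHfsZf1"   # session cookie from the sample request
# Constructed server-side state: one logged-in user with a per-session CSRF token.
SESSIONS = {SESSION_ID: {"user": "alice", "csrf": secrets.token_urlsafe(32)}}
EMAILS = {"alice": "example@utas.edu.au"}


def browser_cookies(logged_in):
    """Cookies the browser attaches to a request for example.com, whichever site triggered it."""
    return {"session": SESSION_ID} if logged_in else {}


def change_email_vulnerable(cookies, form):
    """Trusts the session cookie alone, as the question assumes."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 302, "redirect to login"          # assumed behaviour: nothing is changed
    EMAILS[session["user"]] = form["email"]
    return 200, "email changed"


def change_email_hardened(cookies, form):
    """Additionally requires a token that a page on another origin cannot read."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 302, "redirect to login"
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, session["csrf"].encode()):
        return 403, "CSRF token missing or invalid"
    EMAILS[session["user"]] = form["email"]
    return 200, "email changed"


def run_demo():
    """Replay one cross-site form post (no token) against both handlers."""
    forged = {"email": "changed@example.net"}    # constructed value
    out = {}
    for name, handler in (("vulnerable", change_email_vulnerable),
                          ("hardened", change_email_hardened)):
        for logged_in in (True, False):
            EMAILS["alice"] = "example@utas.edu.au"          # reset between runs
            status, _ = handler(browser_cookies(logged_in), forged)
            out[(name, logged_in)] = (status, EMAILS["alice"])
    return out


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(case, result)
```

Only the cookie-only handler with a live session accepts the tokenless request; without a session neither handler changes anything, and the hardened handler answers 403 even when the session is valid.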