Assume that there is a function in a web application that allows users to change their current email address to a new one. The following is an example of an HTTP POST request that will be sent to the vulnerable web application when the user tries to perform the email change action:

POST usr/emailchange.php HTTP/1.1
Host: example.com
Connection: Keep-Alive
Cookie: session=abcwsdagePkBZzeR9hGhTlvxyHfsZf1

The following is the parameter for the email in the POST request:

Form Data
email=example@utas.edu.au

(a) Design a CSRF attack to exploit the existing vulnerability by creating an HTML page with the required method, URL, parameters and action to change the email when the victim hits the URL of this webpage. Assume that there are no prevention techniques implemented.

(b) What will happen if the victim hits your code in (a) when he/she is authenticated already?

(c) What will happen if the victim hits your code in (a) when he/she is not authenticated already?
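A defender's view of the endpoint in the question, as an added example that is not part of the original question or its solution: a Python model of the email-change handler as described (session cookie only) beside a hardened version that checks the Origin header and a per-session CSRF token. The handler names, the `csrf_token` form field, the HTTPS origin and the sample requests are assumptions constructed for illustration.

```python
import hmac
import secrets

TRUSTED_ORIGIN = "https://example.com"   # assumption: Host from the question, served over HTTPS
SID = "abcwsdagePkBZzeR9hGhTlvxyHfsZf1"  # session cookie value shown in the question

def new_session(email):
    """Session record holding a per-session CSRF token (synchronizer token pattern)."""
    return {"email": email, "csrf": secrets.token_urlsafe(32)}

def vulnerable_change(sessions, req):
    """Handler as the question describes it: the session cookie alone authorizes the change."""
    sess = sessions.get(req["cookies"].get("session"))
    if sess is None:
        return 401, "not authenticated"
    sess["email"] = req["form"]["email"]
    return 200, "email changed"

def hardened_change(sessions, req):
    """Same handler, but the request must also prove it came from the site's own form."""
    sess = sessions.get(req["cookies"].get("session"))
    if sess is None:
        return 401, "not authenticated"
    if req["headers"].get("Origin") != TRUSTED_ORIGIN:  # fails closed if Origin is absent
        return 403, "cross-origin request"
    sent = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), sess["csrf"].encode()):
        return 403, "bad CSRF token"
    sess["email"] = req["form"]["email"]
    return 200, "email changed"

def demo():
    """Run constructed requests through both handlers and collect the outcomes."""
    # Constructed cross-site request: the browser attaches the cookie, but the
    # sending page cannot read the token and the Origin is not the site's own.
    forged = {"cookies": {"session": SID}, "headers": {"Origin": "https://other.example"},
              "form": {"email": "changed@other.example"}}
    anon = dict(forged, cookies={})  # same request from a browser with no session
    out = {}
    for name, handler in (("vulnerable", vulnerable_change), ("hardened", hardened_change)):
        sessions = {SID: new_session("example@utas.edu.au")}
        legit = {"cookies": {"session": SID}, "headers": {"Origin": TRUSTED_ORIGIN},
                 "form": {"email": "me@utas.edu.au", "csrf_token": sessions[SID]["csrf"]}}
        out[name] = {"forged_logged_in": handler(sessions, forged)[0],
                     "forged_logged_out": handler(sessions, anon)[0],
                     "email_after_forged": sessions[SID]["email"],
                     "legitimate": handler(sessions, legit)[0]}
    return out
```

Setting `SameSite=Lax` or `SameSite=Strict` on the session cookie is a complementary control, since it stops the browser from attaching the cookie to cross-site POST requests in the first place.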
