When the request is sent through a proxy tool with natas4 changed to natas5 in the Referer address,
the response prints the natas5 account information.
<HEAD>
<!-- This stuff in the header has nothing to do with the level -->
<LINK rel=stylesheet type=text/css href="http://natas.labs.overthewire.org/css/level.css">
<LINK rel=stylesheet href="http://natas.labs.overthewire.org/css/jquery-ui.css">
<LINK rel=stylesheet href="http://natas.labs.overthewire.org/css/wechall.css">
<SCRIPT src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></SCRIPT>
<SCRIPT src="http://natas.labs.overthewire.org/js/jquery-ui.js"></SCRIPT>
<SCRIPT src="http://natas.labs.overthewire.org/js/wechall-data.js"></SCRIPT><SCRIPT src="http://natas.labs.overthewire.org/js/wechall.js"></SCRIPT>
<SCRIPT>var wechallinfo = { "level": "natas4", "pass": "Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ" };</SCRIPT>
<H1>natas4</H1>
<DIV id=content>
Access granted. The password for natas5 is iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq
<br />
<DIV id=viewsource><A href="http://itstarter.tistory.com/admin/entry/post/index.php">Refresh page</A></DIV>
</DIV>
HTTP Request Forging
GET scenario
If the application was designed to primarily use GET requests to transfer parameters and execute actions, the money transfer operation might be reduced to a request like this:
GET http://bank.com/transfer.do?acct=BOB&amount=100 HTTP/1.1
Maria now decides to exploit this web application vulnerability using Alice as her victim. Maria first constructs the following exploit URL which will transfer $100,000 from Alice's account to her account. She takes the original command URL and replaces the beneficiary name with herself, raising the transfer amount significantly at the same time:
http://bank.com/transfer.do?acct=MARIA&amount=100000
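The GET scenario above from the server's side, as an added example (not code from OWASP or from this post): a handler that lets the session cookie alone authorise a transfer, next to one that accepts the state change only on POST with a token bound to the session. The function names, the session store and the HMAC-based token scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # assumed per-deployment secret
SESSIONS = {"sess-alice": "ALICE"}     # constructed session store: id -> account


def csrf_token(session_id):
    """Token bound to one session; the bank embeds it in its own transfer form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def weak_transfer(method, cookies, params):
    """The design from the GET scenario: the session cookie alone authorises."""
    owner = SESSIONS.get(cookies.get("session", ""))
    if owner is None:
        return "denied: no valid session"
    return "moved {} from {} to {}".format(params["amount"], owner, params["acct"])


def hardened_transfer(method, cookies, params):
    """State change only on POST, and only with the session's CSRF token."""
    if method != "POST":
        return "denied: transfer requires POST"
    session_id = cookies.get("session", "")
    owner = SESSIONS.get(session_id)
    if owner is None:
        return "denied: no valid session"
    supplied = params.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(session_id).encode()):
        return "denied: missing or wrong CSRF token"
    return "moved {} from {} to {}".format(params["amount"], owner, params["acct"])


# Constructed requests. The browser attaches Alice's cookie to both of them.
ALICE = {"session": "sess-alice"}
FORGED = {"acct": "MARIA", "amount": "100000"}   # parameters from the page's URL
LEGIT = {"acct": "BOB", "amount": "100", "csrf_token": csrf_token("sess-alice")}

if __name__ == "__main__":
    print(weak_transfer("GET", ALICE, FORGED))
    print(hardened_transfer("GET", ALICE, FORGED))
    print(hardened_transfer("POST", ALICE, FORGED))
    print(hardened_transfer("POST", ALICE, LEGIT))
```

The forged request carries a valid cookie because the browser adds it automatically; what it cannot carry is the token, which only the bank's own pages hand out.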
Reference: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
http://seanmurphree.com/blog/?p=307