1. CSRF vulnerability with no defenses

Cross-site request forgery: we trick a logged-in user's browser into sending a request to a server
that changes state under that user's identity. In this lab, CSRF is possible because the target web
app's email-change endpoint requires nothing beyond the user's session cookie to authorize the
request: no CSRF token and no re-authentication. The endpoint, the HTTP method and the parameter
name that changes the email address are all known to the attacker, so the POST request can be forged
in full.

We host an exploit server that answers a GET request with malicious HTML: a hidden form whose action
is the email-change endpoint, submitted by script as soon as the page loads. When the victim visits
the page, their browser issues the forged POST to the target web app and, because the browser
attaches the target domain's cookies to that request, it is authenticated as the victim and changes
the email address of whoever is currently logged in. Two things must hold for this to work: the
victim must have an active session at the time, and the session cookie must actually be sent on a
cross-site POST, so confirm it is not marked SameSite=Lax or SameSite=Strict (either would stop the
browser attaching it to a cross-site form submission).


Solution