Hello and welcome to the Cybrary secure coding course.
My name is Sonny Wear, and this is OWASP Top 10 for 2013, A8, Cross-Site Request Forgery lab and solution. We're going to use WebGoat's CSRF exercise,
the cross-site request forgery lesson.
So in the lesson, what you'll notice is it gives you some instructions on
basically how to perform the exploit.
Let me explain what we're trying to do here. It says the goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. So remember
that CSRF can be accomplished through a couple of different ways.
You can either have your victim
click on a malicious link
that may be at what's called a watering hole. And that's sort of what the simulation is trying to show.
So in this simulation,
it says, try to include a one-by-one pixel image that includes the URL.
The URL should point to the CSRF lesson with an extra parameter of transfer funds equal to 4000,
and then it goes on, it says you can copy the shortcut from the left-hand menu.
It's pretty easy to figure out what this link is. In fact, there's a parameter value listing that's given. So I know it's Screen 52, it's Menu 900. I could easily get that other ways, too. I could use the developer tool.
So anyway, that's pretty easy to get. So what I've done is I've constructed my HTML,
and I've created an image that has a width of one and a height of one, because that's what it said:
include a one-by-one pixel image that includes a URL.
The URL needs to point to the lesson, but has this extra parameter at the end.
So this is the URL of the lesson here. Screen is equal to 52, menu is equal to 900, then I've got the
and transfer funds to 4000.
Most of the URL is, of course, fine. But it's just the last portion that is,
that is nefarious. So
if I were to load this up,
it looks like nothing happened. It looks fine,
but think of this as if the link were to be given to the end user as an authenticated user, let's say maybe in an email.
And so the user has their bank open on this tab and their email open on this tab, which is certainly a viable situation,
and they happen to see, "Oh,
my bank just sent me an email.
Let me click that link." And so, even though the images and everything would be copied and made to look just like the bank,
they had inadvertently transferred some money to some other account.
So that's one way that that could happen. The other way that this link could get here is if
there's an actual planted cross site scripting attack on the page itself. And so when the user clicks
an image or clicks this submit, they actually invoke that malicious script behind the scenes.
And also, if it's a newsgroup that allows for the posting of information and there's no sanitation done,
then it would be very easy to put the malicious link,
so that would make the link clickable right there on the trusted page. Right?
So because there is no check
when either this was clicked or
an external link was clicked, because there was no validation done in either request on the server side
that these requests came only from
the place of origination,
then the CSRF attack is successful.
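The server-side check the lesson says is missing can be sketched as follows. This is an added example, not part of the course or of WebGoat: the origins bank.example and newsgroup.example, the csrf_token field name and the sample requests are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"  # assumption: the application's own origin

def new_csrf_token():
    """Per-session random token, embedded in the site's own forms."""
    return secrets.token_urlsafe(32)

def origin_of(url):
    """Reduce an Origin or Referer value to scheme://host[:port], or None."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()

def check_state_change(method, headers, session_token, form):
    """Return (allowed, reason) for a request that would move funds."""
    # 1. An <img> tag can only issue GET, so state changes must not accept it.
    if method.upper() != "POST":
        return False, "state change not allowed over " + method.upper()
    # 2. The request must come from the site's own pages.
    source = headers.get("Origin") or headers.get("Referer")
    if source is None or origin_of(source) != SITE_ORIGIN:
        return False, "request did not originate from this site"
    # 3. The form must carry the token bound to this session.
    submitted = form.get("csrf_token", "")
    if not session_token or not hmac.compare_digest(
            submitted.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"

# Constructed sample requests (not captured traffic).
TOKEN = new_csrf_token()
IMAGE_TAG_REQUEST = ("GET", {"Referer": "https://newsgroup.example/post/7"},
                     {"transferFunds": "4000"})
CROSS_SITE_FORM = ("POST", {"Origin": "https://newsgroup.example"},
                   {"transferFunds": "4000"})
SAME_SITE_NO_TOKEN = ("POST", {"Origin": SITE_ORIGIN}, {"transferFunds": "4000"})
LEGITIMATE = ("POST", {"Origin": SITE_ORIGIN},
              {"transferFunds": "4000", "csrf_token": TOKEN})

if __name__ == "__main__":
    for name, (m, h, f) in [("image tag", IMAGE_TAG_REQUEST), ("cross-site form", CROSS_SITE_FORM),
                            ("same-site, no token", SAME_SITE_NO_TOKEN), ("legitimate", LEGITIMATE)]:
        print(name, "->", check_state_change(m, h, TOKEN, f))
```

The token check is what covers the case where the link is posted on the trusted page itself, since the Origin check alone passes there.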