Time
9 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Description

This lab-based lesson walks participants through the cross-site request forgery (CSRF) lab in WebGoat. In this lesson we see how easy it is to craft an image whose URL carries an extra parameter that triggers a funds transfer, with the image and page dressed up to look as if they belong to a legitimate financial institution.

Video Transcription

00:04
Hello and welcome to the Cybrary Secure Coding course.
00:08
My name is Sunny Wear, and this is OWASP Top 10 for 2013, A8 Cross-Site Request Forgery, lab and solution. We're going to use the WebGoat CSRF exercise,
00:23
the cross-site request forgery lesson.
00:26
So in the lesson, what you'll notice is it gives you some instructions on
00:35
basically how to perform the exploit.
00:39
Now
00:40
let me explain what we're trying to do here. It says the goal is to send an email to a newsgroup that contains an image whose URL is pointing to a malicious request. So remember
00:55
that CSRF can be accomplished in a couple of different ways.
00:59
You can either have your victim
01:02
click on a malicious link
01:04
that may be at what's called a watering hole. And that's sort of what the simulation is trying to show.
01:14
So in this simulation,
01:17
it says, try to include a one-by-one pixel image that includes the URL.
01:23
The URL should point to the CSRF lesson with an extra parameter of transferFunds equal to 4000,
01:33
and then it goes on; it says you can copy the shortcut from the left-hand menu.
01:38
so
01:38
it's pretty easy to figure out what this link is. In fact, there's a parameter value listing that's given. So I know it's Screen 52, its menu 900. I could easily get that other ways too; I could use the developer tools
01:57
inside of Firefox.
02:00
So anyway, that's pretty easy to get. So what I've done is I've constructed my HTML,
02:09
and I've created an image that has a width of one and a height of one, because that's what it said:
02:15
include a one-by-one pixel image that includes a URL.
02:21
The URL needs to point to the lesson, but has this extra parameter at the end.
02:27
So this is the URL of the lesson here: Screen is equal to 52, menu is equal to 900, and then I've got the
02:36
ampersand transferFunds equal to 4000.
02:40
So
02:42
most of the URL is, of course, fine. But it's just the last portion that is,
02:51
that is nefarious. So
02:53
if I were to load this up,
03:00
it looks like nothing happened. It looks fine,
03:06
but think of this as if the link were to be given to the end user as an authenticated user, let's say maybe in an email.
03:15
And so the user has their bank open on this tab and their email open on this tab, which is certainly a viable situation,
03:28
and they happen to see, oh,
03:31
my bank just sent me an email.
03:35
Let me click that link. And so, even though the images and everything would be copied and made to look just like the bank,
03:44
they have inadvertently transferred some money to some other account.
03:52
So that's one way that could happen. The other way that this link could get here is if
04:00
there's an actual planted cross-site scripting attack on the page itself. And so when the user clicks
04:09
an image or clicks this submit, they actually invoke that malicious script behind the scenes.
04:16
And also, if it's a newsgroup that allows for the posting of information and there's no sanitization done,
04:27
then it would be very easy to put the malicious link
04:33
into the posting.
04:39
Great.
04:40
So
04:41
so that would make the link clickable right there on the trusted page, right?
04:48
So because there is no check
04:53
when either this was clicked or
04:59
some other
05:00
external link was clicked, because there was no validation done in either request on the server side
05:09
to ensure that
05:11
these requests came only from
05:15
the place of origination,
05:16
then the CSRF attack is successful.
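The attack the lesson walks through, alongside the server-side check whose absence the speaker points to at the end, as an added example in Python that is not part of the transcript or of WebGoat itself. The lesson URL and host, the in-memory balances, the session object and the constructed requests are all assumptions made for the example; WebGoat's real handler is Java and is not reproduced here.

```python
"""Added example (not from the transcript or WebGoat): the forged 1x1-image
request from the lesson, a vulnerable transfer handler that honours it, and a
hardened handler that refuses it."""
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Assumption: a WebGoat-style lesson URL carrying the Screen/menu values read
# out in the transcript; the host and path are placeholders.
LESSON_URL = "http://localhost:8080/WebGoat/attack?Screen=52&menu=900"
SITE_ORIGIN = "http://localhost:8080"


def build_csrf_image(lesson_url: str, amount: int) -> str:
    """The 1x1 image from the lesson: its src is the lesson URL plus the extra
    transferFunds parameter. Any page that embeds it makes the victim's browser
    issue that GET with the victim's session cookie attached."""
    return (f'<img src="{lesson_url}&transferFunds={amount}" '
            f'width="1" height="1" alt="">')


def image_src(html: str) -> str:
    """Pull the src attribute back out of the tag (the URL the browser fetches)."""
    start = html.index('src="') + len('src="')
    return html[start:html.index('"', start)]


class Session:
    """Constructed stand-in for the victim's authenticated server session."""
    def __init__(self, user: str) -> None:
        self.user = user
        self.csrf_token = secrets.token_hex(16)   # per-session anti-CSRF token


def vulnerable_transfer(balances: dict, session: Session, url: str) -> bool:
    """Lesson behaviour: a GET arriving with a valid session cookie is enough.
    Nothing checks whether the request originated from the bank's own pages."""
    qs = parse_qs(urlsplit(url).query)
    amount = int(qs.get("transferFunds", ["0"])[0])
    if amount <= 0 or amount > balances[session.user]:
        return False
    balances[session.user] -= amount
    return True


def hardened_transfer(balances: dict, session: Session, method: str,
                      headers: dict, form: dict) -> bool:
    """Refuses the forged request on three independent grounds."""
    if method != "POST":                        # state changes never ride on GET
        return False
    if headers.get("Origin") != SITE_ORIGIN:    # set by the browser, not the attacker
        return False
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):  # must come from our form
        return False
    amount = int(form.get("transferFunds", "0"))
    if amount <= 0 or amount > balances[session.user]:
        return False
    balances[session.user] -= amount
    return True


def run_lesson() -> dict:
    """Replays the lesson: the image drains 4000 from the vulnerable handler,
    while the same request is rejected by the hardened one and only the
    legitimate form post goes through."""
    victim = Session("victim")
    balances = {"victim": 10000}
    img = build_csrf_image(LESSON_URL, 4000)
    vulnerable_transfer(balances, victim, image_src(img))
    after_vulnerable = balances["victim"]

    balances = {"victim": 10000}
    # An <img> fetch is a GET with no form body and, cross-site, an Origin of
    # the attacker's page (constructed here), so every check fails.
    forged = hardened_transfer(balances, victim, "GET",
                               {"Origin": "http://attacker.example"},
                               {"transferFunds": "4000"})
    # The bank's own transfer form posts the per-session token back.
    legit = hardened_transfer(balances, victim, "POST",
                              {"Origin": SITE_ORIGIN},
                              {"transferFunds": "4000",
                               "csrf_token": victim.csrf_token})
    return {"after_vulnerable": after_vulnerable,
            "forged_accepted": forged,
            "legit_accepted": legit,
            "after_hardened": balances["victim"]}


if __name__ == "__main__":
    print(build_csrf_image(LESSON_URL, 4000))
    print(run_lesson())
```

The image tag is exactly what the lesson asks for; the two handlers make the speaker's closing point concrete. The vulnerable handler trusts the session cookie alone, which the browser attaches to the image fetch automatically, while the hardened handler demands a POST, an Origin header matching the site, and a per-session token that only the bank's own form can supply.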

Up Next

Secure Coding

In the Secure Coding training course, Sunny Wear will show you how secure coding is important when it comes to lowering risk and vulnerabilities. Learn about XSS, Direct Object Reference, Data Exposure, Buffer Overflows, & Resource Management.

Instructed By

Sunny Wear
Instructor