Skip to content

rohte/campr-csrf-workshop

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
gradle/wrapper
gradle/wrapper
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
evil.html
evil.html
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 

Repository files navigation

Campr CSRF Workshop

Triggering the CSRF Vulnerability

Run the application and trigger the CSRF vulnerability.

  1. Start the application.
./gradlew clean run

  1. Go to localhost:8080 and login as admin with the username/password: admin/admin

  2. Open evil.html in a web browser and click the button

  3. Log out of the vendor portal, then try to log back in as admin

Fixing CSRF

Recommended: Use Intellij to open and import the application’s build.gradle file. This will sync your gradle system to the IDE.

If you don’t use Intellij, you can sync the gradle system according to your environment tool.

Run the tests in debug to see the failing security test in detail.

./gradlew clean test --debug

Now use your wits to get the first test to pass!

Requirements

  • JDK 1.7+
  • A Java IDE

Resources

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 70.4%
  • HTML 21.2%
  • JavaScript 8.4%