OWASP top 10 vulnerabilities CTF lesson – Cross Site Request Forgery

The CTF365 lessons are based on the OWASP Top 10 vulnerabilities, which are still valid in 2020. The following are the lessons provided by CTF365. Note that there are not only ten of them but eleven, and they are not listed in any particular order. You can sign up for Security Shepherd with a CTF365 account and start learning.

1. Broken Session Management
2. Cross Site Request Forgery (CSRF)
3. Cross Site Scripting (XSS)
4. Failure to Restrict URL Access
5. Insecure Cryptographic Storage
6. Insecure Direct Object References
7. Poor Data Validation
8. Security Misconfiguration
9. SQL Injection (SQLi)
10. Untrusted Input
11. Unvalidated Redirects and Forwards

2. Cross Site Request Forgery

A short description is given on the lesson page itself, but if you want to read more, the official OWASP page on Cross-Site Request Forgery describes it in more detail.

Cross-Site Request Forgery

The task to complete the Cross-Site Request Forgery lesson is to do the following:

The function used by an administrator to mark this lesson as complete for a user is initiated by the following GET request to this server, where ‘exampleId’ is a valid userId:
GET /root/grantComplete/csrfLesson?userId=exampleId
To complete this lesson, send the administrator a message with an image URL that will show in an embedded <img> tag and force them to submit the request described above, replacing the exampleId attribute with your temp userId: 958338725

To solve the lesson, paste the following link into the Contact Admin section and click Send Message. When the administrator views the message, their browser loads the "image", which sends the GET request with the administrator's session cookie attached.

https://security-shepherd.ctf365.com/root/grantComplete/csrfLesson?userId=958338725

Nice! We got the key. Paste it and complete the current lesson.
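The lesson works because the endpoint performs a state-changing action on a plain GET that carries nothing but the victim's cookie. As an added example (not Security Shepherd's own code; the handler, header and parameter names are assumed), here is how such a handler is hardened: require POST, bind a synchronizer token to the session, and check Origin/Referer. Note that in this lesson the <img> is rendered inside the site itself, so an Origin/Referer check alone would pass; the method and token checks are what stop it.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlparse

SITE = "https://security-shepherd.ctf365.com"
SERVER_SECRET = secrets.token_bytes(32)  # constructed: per-deployment secret


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session via HMAC (no server-side store needed)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def is_trusted_origin(headers: dict) -> bool:
    """Defence in depth: Origin (or Referer as fallback) must match this site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    p = urlparse(source)
    return f"{p.scheme}://{p.netloc}" == SITE


def grant_complete(method: str, headers: dict, params: dict, session_id: str):
    """Hardened grantComplete handler (hypothetical). Returns (status, message)."""
    if method != "POST":  # an <img> can only ever issue GET
        return 405, "state-changing action must be POSTed"
    if not is_trusted_origin(headers):
        return 403, "cross-site origin rejected"
    token = params.get("csrf_token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return 403, "missing or invalid CSRF token"
    user_id = params.get("userId", "")
    if not user_id.isdigit():
        return 400, "bad userId"
    return 200, f"lesson marked complete for user {user_id}"


if __name__ == "__main__":
    sid = "admin-session-constructed"
    # The lesson's forged request: GET from an <img> on a same-site page.
    print(grant_complete("GET", {"Referer": SITE + "/messages"}, {"userId": "958338725"}, sid))
    # The legitimate admin action: POST with the session-bound token.
    print(grant_complete("POST", {"Origin": SITE},
                         {"userId": "958338725", "csrf_token": issue_csrf_token(sid)}, sid))
```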
