Exploiting CSRF as a Privilege escalation vulnerability
Index
Description
· CSRF in GET Requests
· CSRF in POST Requests
Exploit CSRF with Automated POC
Preventive Measures / Mitigation
Description
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With the help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker’s choosing.
Example
· Change the email address on their account
· Change their password
The attacker might be able to gain full control over the user’s account. If the compromised user has a privileged role within the application, then the attacker might be able to take full control of all the application’s data and functionality.
NOTE: CSRF is mostly possible when a web application cannot tell whether a request originated from a legitimate user or from a third party.
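The note above names the root cause: the server cannot tell its own pages' requests from third-party ones. The following sketch is an added example, not code from the original article, showing a server-side check that makes that distinction with an Origin/Referer comparison plus a session-bound token. The names `check_request`, `issue_csrf_token`, `TRUSTED_ORIGIN` and the `csrf_token` form field are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed values for this example, not taken from the article.
TRUSTED_ORIGIN = "https://test.com"
SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id):
    """Token the server embeds in its own forms, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def origin_of(url):
    """Reduce an Origin or Referer value to scheme://host[:port]."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_request(method, headers, session_id, form):
    """Return (allowed, reason) for one authenticated request."""
    if method.upper() in SAFE_METHODS:
        # Passed through unchecked, so handlers for these methods
        # must never change state (email, password, ...).
        return True, "safe method"
    source = headers.get("Origin") or headers.get("Referer")
    if not source or origin_of(source) != TRUSTED_ORIGIN:
        return False, "request did not come from the site's own pages"
    supplied = form.get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):   # constant-time compare
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: an email change on Test.com.
    token = issue_csrf_token("session-abc")
    own = {"Origin": "https://test.com"}
    foreign = {"Origin": "https://other-site.example"}
    print(check_request("POST", own, "session-abc",
                        {"email": "new@test.com", "csrf_token": token}))
    print(check_request("POST", foreign, "session-abc",
                        {"email": "new@test.com"}))
```

The header dictionary is assumed to use canonical header names; a real framework's request object normally handles case-insensitive lookup.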
CSRF in GET Requests
Suppose that, whenever a user edits his profile on Test.com, this is the form that submits the user’s values to the server:
Code snippet of form