Extreme Hacking | Sadik Shaikh
Ethical Hacking Institute Course in Pune-India

Well, now we come to the important part: how to use XSS to bypass CSRF protection. This technique applies to websites that have an application guarded by CSRF protection and another page that is vulnerable to XSS. Using that XSS, we can bypass the CSRF protection and automate any action that anybody can do on the application without problems.

For example, one website has a little application on the main page which is vulnerable to XSS, and a forum on /forum which is not vulnerable to CSRF. We will see how we can use that XSS to bypass the CSRF protection of the forum. As I said earlier, there are many methods to prevent CSRF, but the most used is that of tokens and hidden fields (<input type="hidden" name="token" value="<?php print $_SESSION['token']; ?>" />), which are verified before the action is executed. We will try to get past this type of protection, so that we can do what we really want.

Let's start with the basic idea of how to get past CSRF protection, given that we do not know the token. The solution is a piece of cake: we find it, and we can do this very easily using JavaScript. Let's take an example: adding a new administrator, based on the name of the user who will become administrator. This will happen in the folder /admin, which is not vulnerable to CSRF:

/admin/admin.php?action=add_admin ( for example… ):

[Image: PWdaTap.jpg]

Well, this script adds an administrator. When the button is clicked, the main admin will make a request such as:

http://www.site.com/add_admin.php?name=ksharma&token=1htFI0iA9s&submit

On verification, the token from the session will be the same as the one sent from the form, and nitro will be an administrator.

[Image: GIp0BA5.jpg]

Now let's see what we can do to obtain that token. I will use the GET method in the examples, so that they are easier to understand, but you could just as well use the POST method for the data being sent.
We will consider the vulnerable application on the main page (index.php), which contains the following code:

NOTE: Due to a restriction on words, from here on the tutorial is in picture form.

[Image: EINE4q1.jpg]

[Image: kZVjMKs.jpg]

[Image: XwFXhcM.jpg]

[Image: Htyhyxv.jpg]

[Image: glPZpmc.png]

[Image: POXkrKR.png]

[Image: BDPZ4W4.png]

[Image: wSjGJHJ.png]

[Image: 3WhoF4v.png]