CSRF Exploitation using XSS

Hello friends! In our previous article, we saw how an attacker can test a web application for a CSRF vulnerability with the help of Burp Suite. Today we are again going to test a CSRF attack, this time with the help of an XSS vulnerability. As we know, with the help of XSS an attacker may be able to read cookies from the same domain, and if the CSRF token is stored in a cookie, the attacker will be able to read the CSRF token used by the CSRF-protected POST request.

Let’s have a look at how an attacker can make a CSRF attack to change the password of the admin account when the web application is suffering from a cross-site scripting vulnerability. For this tutorial, I used DVWA and set its security level to low.

Suppose that you have found an XSS vulnerability in a web application. Here we are going to use a JavaScript or HTML script which will make the CSRF attack that changes the password of the admin account.

An XSS attack can be used to read the cookies and obtain a valid token if it is stored in a cookie; that token then has to be inserted into the malicious script to make CSRF possible. Using an image tag we will send the malicious script; inside the script I set the new password to 123456.

Now let’s check whether the password for admin has been changed or not. Previously the credentials were admin: password; if the admin fails to log in to the web server using the previous credentials, then we have successfully made the CSRF attack.

From the given screenshot, you can see that using admin: password confirms the login failed. Now use the new password 123456 to log in to the web server.

Similarly, there is another web application, bWAPP, where we will demonstrate the same attack using an XSS vulnerability. First, you need to choose the bug “Cross-Site Scripting - Reflected (POST)” and set the security level to low.

In the given screenshot the form is suffering from an XSS vulnerability; now we are going to generate a script that makes CSRF possible in order to change the password of a user. Here we are logged in as bee: bug on the web server, and now we will try to change that password with the help of cross-site scripting.

Similarly, using an image tag we will send a malicious script; inside the script I set the new password to hack.

From the screenshot, you can see the generated broken-image icon, which means this form has an XSS flaw. Now let’s check whether the password has been modified or not for the user bee.

Now use the previous credentials bee: bug. If the login failure is confirmed, it means we have successfully carried out the CSRF attack; from the screenshot, you can see the “Invalid credentials or user not activated” message. Now use the new password to log in to the web server.

Conclusion: An XSS vulnerability anywhere in the same domain can lead to a CSRF attack. It allows the attacker to run script in the target’s browser with the target’s full rights, which makes the CSRF protection useless.
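For the defender’s side of the point made above and in the token-in-cookie paragraph, here is an added example (not DVWA, bWAPP or the author’s code) of a password-change handler with the checks that the low security level lacks: the CSRF token is compared with a server-side copy rather than a cookie, the Origin/Referer must match the site, and the current password is required, so a token read via XSS is not enough on its own. The cookie name, form field names and site origin are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed in-memory session store: keys are session ids carried in the
# HttpOnly session cookie, values hold the user and a server-side CSRF token.
SESSIONS = {}
PASSWORDS = {"admin": "password"}       # constructed starting credentials
SITE_ORIGIN = "https://dvwa.example"    # assumed deployment origin


def login(user: str, password: str) -> str:
    """Create a session; the CSRF token lives only server-side and in the HTML form."""
    if PASSWORDS.get(user) != password:
        raise PermissionError("bad credentials")
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def change_password(cookies: dict, headers: dict, form: dict) -> str:
    """Hardened password-change handler; returns a short status string."""
    sess = SESSIONS.get(cookies.get("PHPSESSID", ""))
    if sess is None:
        return "not logged in"
    # 1. Origin (or Referer) must match the site: a forged cross-site POST stops here.
    parts = urlsplit(headers.get("Origin") or headers.get("Referer", ""))
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return "bad origin"
    # 2. The form token is compared with the server-side copy, never with a cookie,
    #    so a token readable by script in the browser proves nothing by itself.
    if not hmac.compare_digest(form.get("user_token", ""), sess["csrf"]):
        return "bad csrf token"
    # 3. Re-authentication: script running in the victim's browser does not know this.
    if PASSWORDS[sess["user"]] != form.get("password_current", ""):
        return "wrong current password"
    if form.get("password_new") != form.get("password_conf"):
        return "passwords differ"
    PASSWORDS[sess["user"]] = form["password_new"]
    sess["csrf"] = secrets.token_urlsafe(32)   # rotate the token after a state change
    return "ok"
```

Fixing the XSS itself remains the real mitigation; the checks above only narrow what an injected script can achieve.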

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, and a social media and gadgets lover.
