CHALLENGE DESCRIPTION
Who needs session integrity these days?
Introduction to Cross-Site Request Forgery (CSRF)
In a CSRF attack, the attacker takes advantage of the victim’s active session to initiate actions on the victim’s behalf. These actions are masked as legitimate requests, making detection challenging and consequences potentially severe.
Analysis
Our journey begins with a login page. Despite possessing valid credentials, I am required to register. admin1 will be my username and password.
Upon logging into this account, a message is displayed to us: You are not an admin.
Let’s examine the cookies and determine if a CSRF exploit is feasible.
The cookie is encoded in base64. Decoding it reveals the content: {"username":"admin1"}.
Exploit
We need to encode it with the value "admin" instead of "admin1", then replace the default cookie value with the new one.


Now you can grab the flag.
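
The weakness used above is that the server trusts an unsigned base64 JSON cookie. The following added example (not part of the original writeup or the challenge's code) contrasts that pattern with an HMAC-signed cookie that rejects an edited username. The key, the function names and the cookie layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret; a real deployment loads it from a secret store.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def read_cookie_unsigned(cookie: str) -> dict:
    """Weak pattern from the challenge: trust whatever JSON the client sends."""
    return json.loads(base64.b64decode(cookie))


def issue_cookie(session: dict) -> str:
    """Hardened: payload plus an HMAC-SHA256 tag computed with the server key."""
    payload = json.dumps(session, separators=(",", ":")).encode()
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def read_cookie_signed(cookie: str):
    """Return the session dict, or None if the cookie is malformed or altered."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking the tag byte by byte.
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)


def swap_payload(cookie: str, session: dict) -> str:
    """Constructed test input: replace the payload but keep the old tag."""
    forged = _b64(json.dumps(session, separators=(",", ":")).encode())
    return forged + "." + cookie.split(".")[1]
```

Keeping only an opaque random session ID in the cookie and storing the username server-side removes the client-controlled field altogether.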