1
00:00:00,420 --> 00:00:06,750
In this video, we are going to see what is CSRF attack and we are going to solve the low difficulty

2
00:00:06,780 --> 00:00:09,300
CSRF challenge in DVWA.

3
00:00:11,360 --> 00:00:14,660
CSRF stands for cross-site request forgery.

4
00:00:14,870 --> 00:00:21,020
It is a type of attack that occurs when a malicious website, email or blog causes a user's web browser

5
00:00:21,020 --> 00:00:26,750
to perform an unwanted action on a trusted site for which the user is currently authenticated.

6
00:00:28,720 --> 00:00:34,300
This attack can be used to transfer funds, change account information, or perform other malicious actions.

7
00:00:38,820 --> 00:00:44,380
You should be on Kali Linux or Parrot, in VMware, VirtualBox, or running natively on your PC.

8
00:00:46,310 --> 00:00:50,810
In step one, go to settings and set the difficulty to low.

9
00:00:53,070 --> 00:00:54,510
Try to change the password.

10
00:00:55,280 --> 00:00:59,270
Once you click on change, you will see the notification that the password has been changed.

11
00:00:59,840 --> 00:01:01,280
Now focus on the URL.

12
00:01:02,100 --> 00:01:07,580
You can send this to some other authenticated user in an email or by any other method.

13
00:01:08,710 --> 00:01:11,820
Whenever he clicks on it, his password will also be changed.

14
00:01:11,830 --> 00:01:15,610
And as we have set the password, we will know the password.

15
00:01:15,850 --> 00:01:18,610
The URL remains constant among different users.

16
00:01:18,610 --> 00:01:21,880
So whoever executes it, his password gets changed.

17
00:01:25,900 --> 00:01:29,740
So on your application, go to the CSRF module.

18
00:01:30,870 --> 00:01:31,140
Here,

19
00:01:31,140 --> 00:01:32,430
we can change our password.

20
00:01:33,950 --> 00:01:39,260
We also have a test credentials tab where we can check whether our password is correct or wrong.

21
00:01:45,130 --> 00:01:47,290
Do set the settings to low.

22
00:01:51,030 --> 00:01:53,160
Go to the CSRF tab again.

23
00:01:55,440 --> 00:01:57,150
I try to set a new password.

24
00:01:59,330 --> 00:02:00,440
And click on Change.

25
00:02:01,460 --> 00:02:02,330
Now notice the URL.

26
00:02:04,440 --> 00:02:07,550
A new password is indicated in the URL.

27
00:02:10,830 --> 00:02:14,340
Now copy this URL and send it to any other user.

28
00:02:17,610 --> 00:02:20,460
Now you can amend the password as per your wish.

29
00:02:21,740 --> 00:02:27,590
And whenever the other user executes this in his own browser, his password will also get changed.

30
00:02:28,610 --> 00:02:32,270
We can check the changed password with test credentials.

31
00:02:37,900 --> 00:02:40,330
And we can see that the password has been changed.

32
00:02:43,460 --> 00:02:47,870
If you look at the source code, we can see that there is no sanitization being performed.

33
00:02:50,770 --> 00:02:55,660
It just checks for the old password and matches the new password and the repeat password tab.

34
00:02:58,340 --> 00:03:01,880
I hope you understand the concept and see you in the next lecture.
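As an added illustration (not part of the video transcript and not DVWA's own code), the following Python models the "low" password-change handler described above, where any request that carries the victim's session cookie and a matching new/confirm pair succeeds, next to a hardened version that requires POST, a per-session anti-CSRF token and the current password. The parameter names `password_new`, `password_conf`, `Change`, `csrf_token` and `password_current` are assumptions for the model, as is the in-memory `Session` object standing in for a server-side session.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Session:
    """Stand-in for a server-side session (assumed model, not DVWA's)."""
    user: str
    password: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))

@dataclass
class Request:
    method: str        # "GET" or "POST"
    params: dict       # query-string or form fields, attacker-controllable
    session: Session   # the browser attaches the session cookie automatically

def change_password_low(req: Request) -> bool:
    """Low-difficulty behaviour from the video: no token, no method check,
    no current-password check. Parameter names are assumed."""
    p = req.params
    if "Change" in p and p.get("password_new") and p.get("password_new") == p.get("password_conf"):
        req.session.password = p["password_new"]
        return True
    return False

def change_password_hardened(req: Request) -> bool:
    """Hardened variant: state change only via POST, per-session anti-CSRF
    token compared in constant time, and the current password re-entered."""
    p = req.params
    if req.method != "POST":
        return False
    if not hmac.compare_digest(str(p.get("csrf_token", "")), req.session.csrf_token):
        return False
    if p.get("password_current") != req.session.password:
        return False
    if not p.get("password_new") or p.get("password_new") != p.get("password_conf"):
        return False
    req.session.password = p["password_new"]
    return True

def cross_site_request(victim: Session) -> Request:
    """A link like the one copied from the URL bar in the video, opened in the
    victim's browser: the query string is attacker-chosen, the cookie is not."""
    params = {"password_new": "chosen", "password_conf": "chosen", "Change": "Change"}
    return Request("GET", params, victim)
```

The low handler accepts the cross-site GET and silently replaces the victim's password; the hardened handler rejects it because the forged request cannot carry the victim's token or current password.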