WebGoat CSRF 3 4

PVXs
3 min read · Oct 9, 2020

WebGoat CSRF 3

WebGoat CSRF lesson 3

This lesson requires us to submit the “Submit Query” form from an external page, on a different origin from the lesson page, while logged in to WebGoat.

Submit from lesson page

Clicking “Submit Query” on the lesson page, WebGoat replies with a JSON message telling us that the request appears to come from the lesson form itself.

HTML inspection on browser dev tool

Going back to the lesson page, open your favorite browser dev tools and inspect the “Submit Query” button.

File containing lesson form

Copy the form into a file and prepend “http://<webgoat_ip>:<webgoat_port>” to the form action URL, so that it becomes an absolute URL pointing at WebGoat (this is a really bad HTML page, but it is enough for our purpose).

Saved HTML form on browser

Open the file in your browser and click the button.

Lesson completed

WebGoat replies with a different JSON message than before, plus a numeric flag value.

Copy the flag value into the text field on the lesson page, submit it, and the lesson is completed.

WebGoat CSRF 4

WebGoat CSRF lesson 4

Similar to the previous lesson, we are asked to post a review as someone else.

Lesson page on browser dev tool

As before, open your browser dev tools and copy the form.

Lesson page form saved on file

Put the form in an HTML file and prepend the WebGoat host and port (“http://<webgoat_ip>:<webgoat_port>”) to the form action URL.

Saved HTML form on browser

Open the page in your browser, fill in the form and submit it.

Lesson completed

And the lesson is completed: going back to the lesson page you will see your forged review.
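Both lessons work because WebGoat accepts a state-changing POST that arrives from a page it did not serve. As an added illustration (not WebGoat's own code; the host name, header values and token are constructed), here is the server-side check that would refuse the submission from the saved HTML file while still accepting the one from the lesson page:

```python
# Added illustration, not WebGoat's own code: how a server can refuse the
# cross-origin form posts shown in lessons 3 and 4. Host and token are made up.
from typing import Mapping, Optional
from urllib.parse import urlsplit
import hmac

# Placeholder for the real http://<webgoat_ip>:<webgoat_port> of the walkthrough.
TRUSTED_ORIGIN = "http://webgoat.example:8080"


def source_origin(headers: Mapping[str, str]) -> Optional[str]:
    """Origin the browser reported for the request, or None if unknown.

    Browsers attach Origin to cross-site form POSTs; a form opened from a local
    file (as in this walkthrough) reports the opaque origin 'null'. Referer is
    used as a fallback for clients that omit Origin.
    """
    origin = headers.get("Origin")
    if origin and origin != "null":
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_check(headers: Mapping[str, str], form: Mapping[str, str],
               session_token: str, trusted_origin: str = TRUSTED_ORIGIN) -> str:
    """Classify a state-changing POST: 'accept' or a rejection reason."""
    # 1. Source check: the saved HTML file is a different origin from WebGoat.
    if source_origin(headers) != trusted_origin:
        return "reject: cross-origin submission"
    # 2. Synchronizer token: a per-session secret embedded in the real form.
    #    In this walkthrough the author copies their own form, so the token
    #    would come along; a real attacker cannot read the victim's token.
    if not hmac.compare_digest(form.get("csrf_token", ""), session_token):
        return "reject: missing or invalid CSRF token"
    return "accept"


def demo() -> dict:
    """Run the check over constructed requests mirroring the two submissions."""
    token = "constructed-session-token"
    from_lesson_page = csrf_check(
        {"Origin": TRUSTED_ORIGIN, "Referer": TRUSTED_ORIGIN + "/WebGoat/"},
        {"csrf_token": token}, token)
    from_saved_file = csrf_check(
        {"Origin": "null"},              # file:// page posting to WebGoat
        {"csrf_token": token}, token)
    return {"lesson page": from_lesson_page, "saved file": from_saved_file}
```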

This concludes WebGoat CSRF 3 and 4.

I hope you liked it.

PVXs — https://twitter.com/pivixih
