-
Book Overview & Buying
-
Table Of Contents
-
Feedback & Rating

Burp Suite Cookbook
By :

Cross-Site Request Forgery (CSRF) is an attack that rides on an authenticated user’s session to allow an attacker to force the user to execute unwanted actions on the attacker’s behalf. The initial lure for this attack can be a phishing email or a malicious link executing through a cross-site scripting vulnerability found on the victim’s website. CSRF exploitation may lead to a data breach or even a full compromise of the web application.
Using the OWASP Mutillidae II application registration form, determine whether a CSRF attack is possible within the same browser (a different tab) while an authenticated user is logged in to the application.
To begin this recipe, let’s first baseline the current number of records in the account table and perform SQL injection to see this:
Change the font size
Change margin width
Change background colour