0
Welcome to CSRF Minefield!
CSRF Minefield is an Ubuntu Server 18.04 based virtual machine, that is heavily ridden with Cross-Site Request Forgery (CSRF) vulnerabilities. This VM hosts 11 real-world web applications that were found vulnerable to CSRF vulnerability and your aim is to find them and detonate them before they explode the target network.
What is CSRF?
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. – OWASP
How to find or test for a CSRF vulnerability?
As a starting point, you can use the following resources by the OWASP Project:
OWASP Testing Guide
OWASP Code Review Guide
List of Web applications included in this version of CSRF Minefield (along with access details):
- Bolt CMS 3.6.6
- PilusCart 1.4.1
- zzzphp CMS 1.6.1
- CMSSite 1.0
- OOP CMS Blog 1.0
- Integria IMS 5.0.83
- ZeusCart 4.0
- WSTMart 2.0.8
- Simple Online Hotel Reservation System
- OrientDB 3.0.17 GA Community Edition
- Apache CouchDB 2.3.1
How to get started?
- Download the VM from here or from Vulnhub and extract the Zip file.
- Import / Open OVF with VMWare Player or VMWare Workstation
- Run the VM
- Access the VM on IP address 192.168.126.162
- VM login details:
- Username: ptlab
- Password: ptlab
- To login as root: sudo su //(password same as above)
- Start hunting!
- There might be a few vulnerabilities of other kind. Let’s see if you can find them as well.
In case you run into any troubles, contact me on @yaksas443 (twitter) or csc[at]yaksas[dot]in
May the force be with you!
SPOILERS AHEAD!!
Credits (vulnerability researchers):
- Bolt CMS 3.6.6 – FelipeGaspar
- PilusCart 1.4.1 – Gionathan Reale
- zzzphp CMS 1.6.1 – Yang Chenglong
- CMSSite 1.0 – Mr Winst0n
- OOP CMS Blog 1.0 – Mr Winst0n
- Integria IMS 5.0.83 – Javier Olmedo
- ZeusCart 4.0 – mqt
- WSTMart 2.0.8 – linfeng
- Simple Online Hotel Reservation System – Mr Winst0n
- OrientDB 3.0.17 GA Community Edition – Ozer Goker
- Apache CouchDB 2.3.1 – Ozer Goker