CSRF Example - Low Complexity

Описание: In this example we very slowly go through how to execute CSRF.

First we are presented with a password reset option.

When viewing the source code we see the form that does not santise any input.

Now we take this form code and create our own php version of this on our server. Our server needs to be routeable to the vulnerable server.

Now we tell our code that when the a new password is entered and the 'change' option is selected, dont upload '#' upload the path to the csrf form on the vulnerable webpage.
this way we have reset the admin password without the admin knowing about it.
This is a very basic example but the point is still valid.