This lab’s email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren’t integrated into the site’s session handling system.
- Open Burp’s browser and log in to your account. Submit the “Update email” form, and intercept the resulting request.
- Make a note of the value of the CSRF token, then drop the request.
- Open a private/incognito browser window, log in to your other account, and send the update email request into Burp Repeater.
- Observe that if you swap the CSRF token with the value from the other account, then the request is accepted.
- Create and host a proof of concept exploit as described in the solution to the CSRF vulnerability with no defenses lab. Note that the CSRF tokens are single-use, so you’ll need to include a fresh one.
- Change the email address in your exploit so that it doesn’t match your own.
- Store the exploit, then click “Deliver to victim” to solve the lab.