
Exploiting CSRF on JSON Endpoint without Flash

JSON CSRF Exploit

Before we begin with JSON CSRF we need to nail down the fundamentals of traditional CSRF and JSON-based CSRF.

What is CSRF?

CSRF (Cross-Site Request Forgery) is a vulnerability that can be used to force a user to perform unintended actions on a web application. Using this flaw an attacker can carry out various attacks depending on the affected module, such as changing the email ID or password of the user's account.

CSRF on JSON Endpoint:

When performing CSRF against a JSON endpoint, the server usually rejects the request because of the extra padding that a traditional HTML-form CSRF exploit adds around the JSON body. The server usually also checks for a Content-Type: application/json header, which makes the endpoint hard to exploit with HTML alone, as we cannot set that content type from an HTML form. In order to perform JSON CSRF the below conditions should be met:

  • The user should be logged in
  • The authentication method should be cookie-based only
  • No authentication token is present in a request header
  • Same-Origin Policy should not be enforced
  • If the application accepts any content type: easily exploitable with HTML forms
  • If the application only accepts the application/json content type: exploitable with the Fetch API

When trying CSRF on such endpoints with HTML we often face padding issues caused by HTML forms, which is why we are going to use the Fetch API in JavaScript.

CSRF Fails due to padding in HTML form for JSON request

We are going to use our JSON CSRF PoC code from GitHub and replace the URL and the JSON body.

JSON CSRF Exploit Code

You can find this exploit code on the GitHub page.

https://github.com/rootsploit/JSON-CSRF-PoC/

Using the above code we can edit the URL and replace the body with the JSON data to perform the CSRF.

JSON CSRF Exploit

After performing the CSRF, the user is redirected to another page.

CSRF Exploited and User Redirected

Conclusion:

This CSRF was exploitable due to the lack of an anti-CSRF token combined with cookie-based authentication; using token-based authentication could have fixed the issue as well.
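The defences the conclusion names, as an added example that is not code from the original post or from the rootsploit PoC: a server-side guard for a cookie-authenticated JSON endpoint that checks the exact media type, the request origin, a per-session anti-CSRF token and strict JSON parsing, run against three constructed requests (a legitimate one, a cross-site HTML form post with the "=" padding the post describes, and a cross-site fetch with a safelisted content type). SITE_ORIGIN, sessionTokens and the X-CSRF-Token header name are assumptions.

```javascript
// Added example, not code from the original post or the rootsploit PoC.
// SITE_ORIGIN, sessionTokens and the X-CSRF-Token header are assumed names.
const SITE_ORIGIN = 'https://app.example';                 // constructed
const sessionTokens = new Map([['sid-123', 'tok-abc']]);  // constructed: session id -> CSRF token

// "application/json; charset=utf-8" -> "application/json"; missing header -> ""
function mediaType(header) {
  return (header || '').split(';')[0].trim().toLowerCase();
}

// Origin header wins; fall back to the Referer's origin; null if neither parses
function requestOrigin(headers) {
  const src = headers['origin'] || headers['referer'];
  try { return src ? new URL(src).origin : null; } catch { return null; }
}

// req = { method, headers (lower-case names), cookies, body (raw string) }
// Returns { ok, reasons, json }; reasons lists every failed check so the
// defender can log which layer caught a forged request.
function checkJsonRequest(req) {
  const reasons = [];
  if (req.method !== 'POST') reasons.push('method');
  // 1. Exact media type: an HTML form arrives as x-www-form-urlencoded or
  //    text/plain, and a cross-origin fetch can only send a CORS-safelisted
  //    type such as text/plain unless a CORS preflight explicitly allows more.
  if (mediaType(req.headers['content-type']) !== 'application/json') reasons.push('content-type');
  // 2. Same-site origin: browsers attach Origin to cross-site POSTs.
  if (requestOrigin(req.headers) !== SITE_ORIGIN) reasons.push('origin');
  // 3. Anti-CSRF token bound to the session cookie, sent in a custom header.
  const expected = sessionTokens.get((req.cookies || {}).sid);
  if (!expected || req.headers['x-csrf-token'] !== expected) reasons.push('csrf-token');
  // 4. Strict JSON: the "=" padding a form adds makes the body unparsable.
  let json = null;
  try { json = JSON.parse(req.body); } catch { reasons.push('body'); }
  return { ok: reasons.length === 0, reasons, json };
}

// Constructed sample requests
const legit = { method: 'POST', cookies: { sid: 'sid-123' }, body: '{"email":"user@example"}',
  headers: { 'content-type': 'application/json; charset=utf-8', origin: SITE_ORIGIN, 'x-csrf-token': 'tok-abc' } };
// Cross-site HTML form post: the JSON is sent as a field name, so the body ends in "="
const formPost = { method: 'POST', cookies: { sid: 'sid-123' }, body: '{"email":"attacker@example"}=',
  headers: { 'content-type': 'text/plain', origin: 'https://evil.example' } };
// Cross-site fetch: well-formed JSON, but only a safelisted content type and no token
const crossFetch = { method: 'POST', cookies: { sid: 'sid-123' }, body: '{"email":"attacker@example"}',
  headers: { 'content-type': 'text/plain', origin: 'https://evil.example' } };

for (const [name, r] of [['legit', legit], ['formPost', formPost], ['crossFetch', crossFetch]]) {
  console.log(name, checkJsonRequest(r));
}
```

Only the legitimate request passes; the two cross-site ones are each rejected by several independent checks, so a bypass of any single layer (for instance a server that is lax about the media type) is still caught by the origin and token checks.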

Thanks for reading, do follow @rootsploit for more InfoSec writeups!!!

References:

https://github.com/rootsploit/JSON-CSRF-PoC/

https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch

9 Comments

  1. skofos, August 1, 2020

    nice mateee i love this article

  2. Gt, August 4, 2020

    👍

