
Vulnerability Description: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.
How to Exploit

1. Go to the Online Lottery PHP Readymade Script site [http://74.124.215.220/~clienemo/demo/lottery]

2. Click Sign Up and register a new account

3. Verify your email address

4. Return to the Online Lottery PHP Readymade Script site and log in to your account

5. Go to My Profile, then Edit Profile, change the name to anything you like and click Save Changes

6. Make sure Burp's Proxy interceptor is on, then capture the request

7. Generate a CSRF PoC from the captured request (Burp's Generate CSRF PoC tool)

8. Copy the generated code and save it with a .html extension

9. Open the saved .html page to exploit the CSRF on the Online Lottery PHP Readymade Script site
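The profile-edit request can be forged because nothing in it is unpredictable to a third-party page: the browser attaches the session cookie automatically and every other field is guessable. The fix is a synchronizer token that only the application's own page knows, checked server-side before the change is applied. The following is an added example written for this post, not the Online Lottery script's own code; the field names (`name`, `csrf_token`), the file name `edit_profile.php` and the `update_name()` persistence call are assumptions.

```php
<?php
// Added example (not the Online Lottery script's own code): a profile-edit
// handler protected with a per-session synchronizer token. Field names
// (name, csrf_token), edit_profile.php and update_name() are assumptions.

// Mark the session cookie SameSite=Lax (PHP 7.3+) so a cross-site POST from a
// forged page is sent without the session cookie in modern browsers. This is
// defence in depth; the token check below is the primary control.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumes the site is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

// Return the session's CSRF token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the submitted token matches the session token.
// hash_equals() compares in constant time; the is_string() guard keeps a
// missing or array-valued field from raising a TypeError.
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted);
}

// VULNERABLE (what the steps above exploit): the name is applied straight from
// $_POST, so any page that auto-submits a form to this URL renames the user.
//
//   if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//       update_name($_SESSION['user_id'], $_POST['name']);
//   }

// HARDENED: reject the POST unless it carries the token only our own page knows.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    $newName = trim((string) ($_POST['name'] ?? ''));
    // update_name($_SESSION['user_id'], $newName); // hypothetical persistence call
}
?>
<form method="post" action="edit_profile.php">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
    <label>Name <input type="text" name="name"></label>
    <button type="submit">Save Changes</button>
</form>
```

To confirm the fix, replay the captured Save Changes request from Burp's Repeater with the `csrf_token` field removed or altered: the server must answer 403 and leave the profile unchanged, while the same request with the token copied from the freshly rendered form succeeds. The token is generated once per session rather than per request so that a user with several tabs open does not get spurious rejections; rotate it on login and logout so a token observed before authentication cannot be reused afterwards.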

