Description: Change the name of a user by performing Cross-Site Request Forgery from another origin.
Difficulty: 3 star
Category: Broken Access Control
Expanded Description: https://pwning.owasp-juice.shop/part2/broken-access-control.html
Older Firefox browser
To start out with, let me just say that I wish the expanded description would have directed me to an older version of Firefox like the Solutions Guide did. That would have saved me quite a bit of time.
In the HTML editor (within an older browser), copy/paste the HTML code from the user profile page to the editor, then add in a CSRF payload near the top of the HTML code and enjoy your completed challenge.
Prevention and Mitigation Strategies:
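A request forged from another origin still carries the victim's session cookie, but the browser labels it with the origin of the page that hosts the form, so the server can refuse state-changing requests that do not come from its own origin. The sketch below is an added example, not code from the original post or from Juice Shop; the function names, the allowed origin `http://localhost:3000`, and the sample requests are assumptions made for illustration.

```javascript
// Added example: origin verification for state-changing requests.
// ALLOWED_ORIGINS and the sample requests below are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]);
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Origin ("scheme://host[:port]") of a URL string, or null if missing or opaque.
function originOf(value) {
  try {
    const origin = new URL(value).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

// req is { method, headers } with lower-cased header names (as in Node's http module).
function checkRequestOrigin(req, allowed = ALLOWED_ORIGINS) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) {
    return { allow: true, reason: "safe method" };
  }
  const h = req.headers;
  // Fetch Metadata: supporting browsers say directly that the request is cross-site.
  if (h["sec-fetch-site"] === "cross-site") {
    return { allow: false, reason: "Sec-Fetch-Site is cross-site" };
  }
  // Prefer Origin; fall back to Referer only when Origin is absent.
  const source = originOf(h["origin"] !== undefined ? h["origin"] : h["referer"] || "");
  if (source === null) {
    return { allow: false, reason: "no usable Origin or Referer" };
  }
  if (!allowed.has(source)) {
    return { allow: false, reason: "foreign origin " + source };
  }
  return { allow: true, reason: "same origin" };
}

// Constructed requests: the shop's own form, a form hosted elsewhere, an opaque origin.
const samples = [
  { method: "POST", headers: { origin: "http://localhost:3000" } },
  { method: "POST", headers: { origin: "https://editor.example" } },
  { method: "POST", headers: { origin: "null" } },
  { method: "POST", headers: { referer: "http://localhost:3000/profile" } },
];
for (const s of samples) {
  console.log(JSON.stringify(s.headers), "->", checkRequestOrigin(s).reason);
}
```

The check assumes GET, HEAD and OPTIONS handlers never change state; it is normally combined with a per-session CSRF token and `SameSite` session cookies rather than used alone.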
Lessons Learned and Things Worth Mentioning:
I need to spend more time learning about CSRF exploits. Normally I’d have something to say here, but I’m still a little confused as to what exactly happened.