Realist

Thursday 5 October 2017, 19:50  #1
Realist The h@ckers l4b confusion
frankgrimes
  • 11 posts

The related resources for this challenge seem to suggest that CSRF is at play for completing this challenge. What I am confused about is how CSRF would be useful in this scenario. To the best of my knowledge, CSRF generally deals with getting some sort of action to occur on behalf of the logged-in user, such as transferring funds from the logged-in user's account, logging out the user, etc. From what I can tell, the only actions that exist within this application are:

  • registering an account
  • logging in / out
  • submitting a contact form to the admin

There may be other functionality behind the scenes that we don't know about as non-admins, such as granting admin access, but it is impossible to know if granting admin access would be something that could be done through CSRF without access to the web application source code or knowledge of what functionality exists for a logged-in admin user.

I have successfully been able to log out the admin, but I am not able to think of any other CSRF exploitation vectors that would give me access to the exploits we are supposed to retrieve from the site. I initially thought about attempting to try to steal session cookies, but this seems not to be the way forward because:

  • From my tests, it appears that HTTP requests are not made from the site back to me / the attacker
  • Stealing cookies would be more of an XSS attack, so it seems providing references to CSRF would have been the wrong related material to provide

Does anyone have any suggestions or links to other possible CSRF use cases that could be helpful in this challenge?
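The logout-by-CSRF the post describes, modelled as an added example that is not part of this thread or of the challenge: a plain-Python sketch (no web framework) of a logout handler that acts on any request carrying the victim's session cookie, beside one gated on POST, an Origin check and a synchronizer token. `SITE_ORIGIN`, the `Request` shape and the session store are all constructed here for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SITE_ORIGIN = "https://app.example"  # placeholder for the site's own origin


@dataclass
class Request:
    method: str
    cookies: dict
    form: dict = field(default_factory=dict)
    origin: Optional[str] = None  # Origin header; browsers send it on cross-site POSTs


class SessionStore:
    def __init__(self):
        self.sessions = {}  # session id -> {"user": ..., "csrf": ...}

    def login(self, user):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(16)}
        return sid


def logout_vulnerable(store, req):
    """Acts on whoever the cookie identifies, no matter which site caused the request."""
    sid = req.cookies.get("sid")
    if sid in store.sessions:
        del store.sessions[sid]
        return 302
    return 401


def logout_hardened(store, req):
    """Same action, but only for a POST that the user's own page initiated."""
    sid = req.cookies.get("sid")
    sess = store.sessions.get(sid)
    if sess is None:
        return 401
    if req.method != "POST":
        return 405  # GET never changes state, so a plain link or image load cannot log anyone out
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return 403  # a cross-site POST announces itself in the Origin header
    # Synchronizer token: embedded in the logout form when it was rendered; a page on
    # another origin cannot read it. compare_digest keeps the comparison constant-time.
    if not hmac.compare_digest(req.form.get("csrf", ""), sess["csrf"]):
        return 403
    del store.sessions[sid]
    return 302
```

The Origin check alone is not enough, because older clients may omit the header; the token is what actually proves the request came from a page the site served to that session.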

Friday 6 October 2017, 16:07  #2
Realist The h@ckers l4b confusion
frankgrimes
  • 11 posts

I ended up figuring it out. Two pieces of advice for future strugglers:

  • The related material won't always point you toward all the necessary techniques to complete the challenge
  • I found this advice in an old forum posting here about this challenge: "Read the news..."