CSRF - Lab #2 CSRF where token validation depends on request method | Short Version

Views: 18,932

Rana Khalil

A day ago

In this video, we cover Lab #2 in the CSRF module of the Web Security Academy. This lab's email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only validates the CSRF token for certain request methods, so a request sent with a different method is never checked. To solve the lab, we craft some HTML that uses a CSRF attack to change the viewer's email address and upload it to our exploit server.
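As an added example (not code from the video, the lab, or PortSwigger), the flaw the description refers to modelled in plain Python: a handler that validates the CSRF token only for POST, beside a hardened one that refuses non-POST state changes and always checks the token. The `Request` and `Session` shapes, the handler names and the sample addresses are constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Added example, not the video's or the lab's code: Request/Session shapes
# and sample values below are constructed for illustration.

@dataclass
class Session:
    email: str
    # Per-session CSRF token, stored server-side as a real app would.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))

@dataclass
class Request:
    method: str        # "GET" or "POST"
    params: dict       # query string and form body merged, as many frameworks do
    session: Session   # looked up from the session cookie the browser attached

def _token_valid(request: Request) -> bool:
    # Constant-time compare; a missing parameter simply fails the check.
    supplied = request.params.get("csrf", "")
    return hmac.compare_digest(supplied, request.session.csrf_token)

def change_email_vulnerable(request: Request) -> int:
    """Models the lab: the token is checked only when the method is POST, so the
    same parameters sent as a GET bypass the defence entirely."""
    if request.method == "POST" and not _token_valid(request):
        return 400
    request.session.email = request.params["email"]
    return 302

def change_email_hardened(request: Request) -> int:
    """State-changing action: POST only, and the token is always checked."""
    if request.method != "POST":
        return 405
    if not _token_valid(request):
        return 400
    request.session.email = request.params["email"]
    return 302

def demo() -> dict:
    """GET with no token against both handlers -> {name: (status, email_changed)}."""
    results = {}
    for name, handler in (("vulnerable", change_email_vulnerable),
                          ("hardened", change_email_hardened)):
        session = Session(email="victim@example.com")  # constructed victim
        status = handler(Request("GET", {"email": "attacker@example.com"}, session))
        results[name] = (status, session.email != "victim@example.com")
    return results
```

The same fix also needs the session cookie to carry a SameSite attribute and the form to embed the token; the handlers above only show the server-side check the lab title is about.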
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: academy.ranakhalil.com/p/web-...
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
CSRF Lab #2 long video: • CSRF - Lab #2 CSRF whe...
Notes.txt document: github.com/rkhal101/Web-Secur...
CSRF Lab #1 (previous video): • CSRF - Lab #1 CSRF vul...
CSRF theory video: • Cross-Site Request For...
Web Security Academy KZfaq Video Series Release Schedule: docs.google.com/spreadsheets/...
Web Security Academy: portswigger.net/web-security/...
Rana's Twitter account: / rana__khalil

Comments: 18
@RanaKhalil101 2 years ago
Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨
@frolicfox5432 2 years ago
First things first!! Hats off Mrs. Rana Khalil for this swashbuckling video series!! Your elucidation of this concept is amazing, which made my brain store it so easily! Can't wait for your other lectures on various PortSwigger labs, as I am madly waiting for the clickjacking series!! This channel is definitely the next big thing and truly a pentester's delight!! May Allah serve you the best always and bless you! Happy if I receive a reply from you, madam!
@user-ni7rd7st8z A year ago
Thanks. I will follow your course.
@brucebane7401 2 years ago
amazing!!!!!
@_____pd____5919 2 years ago
🔥🔥🔥
@user-ni7rd7st8z A year ago
Thanks
@S2eedGH A year ago
Thanks a lot. Can you please explain more about the third condition (no unpredictable request parameters) at 03:34?
@deadeye821 2 years ago
Which cookie editor do you use, and how do I install it?
@saikrishnapuli6591 2 years ago
Without deleting the CSRF token in the POST method, I changed the mail ID and it worked.
@rafinrahmanchy 2 years ago
Use the term "Exploitability" instead of "Analysis". It suits better.
@bishalshrestha3880 2 years ago
First 😳
@etc.4792 A year ago
I followed all of your process but my lab is not solving and did not congratulate me. Please give me the solution.
@heyybigdaddy6988 A month ago
Did it work for you?
@naveenrawat1549 A month ago
First store, then view, and then deliver.
@heyybigdaddy6988 A month ago
@naveenrawat1549 Nah. It was due to LAX being implemented in all the browsers. This video is old and doesn't tell you to add %3b%20SAMESITE=NONE after your csrf key.
@naveenrawat1549 A month ago
@heyybigdaddy6988 Ohh, I got it, but have you done the same-session CSRF key? I got stuck there.
@naveenrawat1549 22 days ago
@heyybigdaddy6988 Brother, help me: how do I put this? Just after the csrf key or somewhere else? I mean if csrf=abcd12 then where do I put this?
@thesecuritypoint 2 years ago
Second