CSRF - Lab #4 CSRF where token is not tied to user session | Short Version
- Published: 27 Sep 2024
- In this video, we cover Lab #4 in the CSRF module of the Web Security Academy. This lab's email change functionality is vulnerable to CSRF. It uses tokens to try to prevent CSRF attacks, but they aren't integrated into the site's session handling system. To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer's email address.
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: academy.ranakh...
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
CSRF Lab #4 long video: • CSRF - Lab #4 CSRF whe...
Notes.txt document: github.com/rkh...
CSRF theory video: • Cross-Site Request For...
Web Security Academy YouTube Video Series Release Schedule: docs.google.co...
Web Security Academy: portswigger.ne...
Rana's Twitter account: / rana__khalil
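An added example (not from the video or the lab) of the server-side flaw the description names: a CSRF token that is checked only for having been issued, next to one bound to the requesting session with an HMAC. The global token pool, function names, session IDs and key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret
ISSUED_TOKENS = set()                 # assumed global pool, not tied to any session


def issue_token_unbound() -> str:
    """Weak: the token is recorded, but not which session it belongs to."""
    token = secrets.token_urlsafe(32)
    ISSUED_TOKENS.add(token)
    return token


def validate_unbound(session_id: str, token: str) -> bool:
    """Weak check: asks only 'did we issue this?' and ignores session_id."""
    return token in ISSUED_TOKENS


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token_bound(session_id: str) -> str:
    """Hardened: token = nonce + HMAC(key, session_id:nonce)."""
    nonce = secrets.token_urlsafe(16)  # URL-safe alphabet never contains '.'
    return f"{nonce}.{_mac(session_id, nonce)}"


def validate_bound(session_id: str, token: str) -> bool:
    """Hardened check: recompute the MAC for the session sending the request."""
    nonce, sep, mac = token.partition(".")
    if not (sep and nonce and mac):
        return False
    expected = _mac(session_id, nonce)
    return hmac.compare_digest(mac.encode(), expected.encode())


def demo() -> dict:
    session_a, session_b = "sess-A-constructed", "sess-B-constructed"
    unbound = issue_token_unbound()        # issued while session A was browsing
    bound = issue_token_bound(session_a)
    return {
        "unbound_accepted_for_other_session": validate_unbound(session_b, unbound),
        "bound_accepted_for_owner": validate_bound(session_a, bound),
        "bound_accepted_for_other_session": validate_bound(session_b, bound),
    }
```

The first result is the defect: a token issued to one session passes validation when presented with another session's cookie, which is what binding the token to the session prevents.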
I love how detailed you do these tutorials and the way you use a check list when examining these vulnerabilities! You definitely got my subscription
I'm a big big fan of our work. I can't thank you enough for this series. May god bless you with great health and fortune.
good work
Very good explanation. Thank you.
amazing explanation
awesome tutorial
Thank you
Hi Rana, thanks for the explanation. May I know why the CSRF Token in Forms or Requests is different from the CSRF Token in Chrome browser's Network Tab?
I know the answer. The CSRF token in the form is to be used for subsequent requests. Which is reflected in the browser network tab 😂
Asa lamu elykum Mam,
Do u have any course on security in DJANGO
For that we need victim account in real world
You're Palestinian, why are your courses in English 🙂💔
6:36 that's a wrong assumption dear since it's referred in the lab that both accounts are yours + why would u make a csrf attack on carlos if u have his credentials ! 😆😆
Thank you so much ❤