The Hidden CSRF Vulnerability: Why Testing Every Endpoint Matters! (A Must-Watch Lesson) | 2024
HTML-код
- Опубликовано: 4 окт 2024
- In this eye-opening video, we dive into the world of cybersecurity and uncover a surprising CSRF vulnerability that allowed me to manipulate sensitive data. Join me as we explore why testing every endpoint is crucial and how even seemingly harmless parameters can pose a serious risk. Stay tuned to learn valuable lessons on safeguarding against such exploits and always thinking like a hacker to protect your systems effectively. Don't miss out on this essential knowledge to bolster your cybersecurity defenses!
Website: bepractical.tech
Telegram: telegram.me/be...
Previous Video: • Bug Bounty: Best Way T...
The Art Of Web Reconnaissance:
www.udemy.com/...
Hacking Windows with Python from Scratch: www.udemy.com/...
The Ultimate Guide to Hunt Account Takeover:
www.udemy.com/... 
Наука
Telegram channel link: telegram.me/bepracticaltech
.b.i.n.a. .s.a.r.a.n.a. .i.n.f.o.r.m.a.t.i.k.a.
so if we find CSRFTOKEN used in the request, JWT token, JSON data.. we can determine that it s not vulnrable to CSRF And we can moveon.. but can you explain more parameter through which we can determine that its not vuln to CSRF..
Thank you
You're welcome!
Great video man
hey bud thanks for the video
I need help please tell me how to do this, please explain in ur simple words.. by tonight i have to complete this
Vulnerability Assessment and Remediation Scenario: Create your own simulated network environment containing several security vulnerabilities. Your task is to identify, document, and propose remediation for these vulnerabilities. Tasks: o Perform a vulnerability scan using tools . o Identify and document all vulnerabilities found. o For each vulnerability, provide: ▪ A description of the vulnerability. ▪ The potential impact on the system. ▪ Steps for remediation.
I unable to install kali Linux in my laptop...so big issue...
Try using live persistent kali linux
Which tool have you used for checking requets "Intercept"
Burpsuite
happy eid bro❤
and thanks for this tutorial...
Thank you so much for the wishes!
In this Target 🎯 you are able to remove everyones data ? If yes then that is token based for session then how you are able to remove it?
As shown in the video, this is a csrf vulnerability which means that the victim needs to click on the "submit" button and that will remove the upi id from this web app.
Can you please make a video for http request smuggling?
buddy make a video for json content-type in CSRF showing how to bypass this.
Lets assume we have 2 accounts, attacker account in firefox and victim account in chrome. Now from the attacker account, we remove the upi and capture that request in burp and generated an csrf POC. Now if we open csrfpoc.html file in chrome browser, will the victim's upi gets removed ?
Thats how the impact goes high because removing our own upi will not be an high impact right ? Please explain me on this.
I am asking this because, There is a unique cookie going to the server to authorize..please explain
Yes, you are correct! Once we have identified the csrf vulnerability, we will simply send the html form to the victim. Once the victim clicks on the submit button, their upi id will be removed!
Question, how can you tell in the request that itd allow for a csrf i noticed none of the responses showed a samesite param or anything like that, even when adding the email. Whats the difference in the responses that allow for csrf besides it being GET and POST, is that the only difference?
Didn't get you. Please explain again
The main thing here is that "attributes cookies doesn't have same site" you didn't explain it.
Do you have discord server?
U able to remove anyone account upi?
Yess
Are jwt token vulnerable to csrf
Not at all. Normally, the ajax request fetch the token and then use it for the rest of the requests. Therefore they are usually safe from CSRF
@@BePracticalTech thanks!
Love you bhai happ Eid bhai jaan ❤❤❤ nice 👍🏼
You too.. Thanks for the wishes!
batman yadav
❤❤❤❤
First
You need a cookie for removing the UPI I'd, this not big issue in my opinion
This is a CSRF vulnerability. As shown in the video, I was able to remove the UPI id.
@@BePracticalTech this content is very high-quality. There is no doubt about it.
where i can contact you sir i asking somthing to you
business@bepractical.tech