CSRF - Lab #2 CSRF where token validation depends on request method | Long Version

Описание к видео CSRF - Lab #2 CSRF where token validation depends on request method | Long Version

In this video, we cover Lab #2 in the CSRF module of the Web Security Academy. This lab's email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only applies defenses to certain types of requests. To solve the lab, we craft some HTML that uses a CSRF attack to change the viewer's email address and upload it to to our exploit server.

▬ 🌟 Video Sponsor 🌟 ▬▬▬▬▬▬▬▬▬▬
Sign up to Intigriti: https://go.intigriti.com/ranakhalil (affiliate link)

▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://academy.ranakhalil.com/p/web-...

▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:15 - Intigriti sponsorship (https://go.intigriti.com/ranakhalil)
01:09 - Navigation to the exercise
01:49 - Understand the exercise and make notes about what is required to solve it
02:39 - Exploit the lab using Burp Suite Pro
12:42 - Script the exploit (without Burp Suite Pro)
21:07 - Summary
21:27 - Thank You

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
HTML script: https://github.com/rkhal101/Web-Secur...
Notes.txt document:https://github.com/rkhal101/Web-Secur...
CSRF Lab #1 (previous video):    • CSRF - Lab #1 CSRF vulnerability with...  
CSRF theory video:    • Cross-Site Request Forgery (CSRF) | C...  
Web Security Academy Youtube Video Series Release Schedule: https://docs.google.com/spreadsheets/...
Web Security Academy: https://portswigger.net/web-security/...
Rana's Twitter account:   / rana__khalil  

Комментарии

Информация по комментариям в разработке