Attacking Sites Using CSRF - Security Simplified

This video is sponsored by Intigriti. Intigriti is a bug bounty platform that pays you for reporting security vulnerabilities. Sign up to hack here: https://go.intigriti.com/vickie​

CSRF, or Cross-Site Request Forgery, is a technique that allows hackers to carry out unwanted actions on a victim’s behalf. For example, a hacker might be able to change your password or transferring money from your bank account without your permission. Sometimes, faulty CSRF protection mechanisms lead to inconsequential issues like unauthorized setting changes or emptying a user’s cart. Other times, they lead to much bigger issues: user information leak, XSS, and even one-click account takeovers.

Today, let’s talk about how you can escalate CSRF issues and a few cases that I have encountered in the wild of CSRFs leading to severe security issues.