In this video, we cover Lab #1 in the CSRF module of the Web Security Academy. This lab's email change functionality is vulnerable to CSRF. To solve the lab, we craft some HTML that uses a CSRF attack to change the viewer's email address and upload it to our exploit server.
▬ 🌟 Video Sponsor 🌟 ▬▬▬▬▬▬▬▬▬▬
Sign up to Intigriti: https://go.intigriti.com/ranakhalil (affiliate link)
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://academy.ranakhalil.com/p/web-security-academy-video-series
▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:13 - Intigriti sponsorship (https://go.intigriti.com/ranakhalil)
01:07 - Navigation to the exercise
01:51 - Understand the exercise and make notes about what is required to solve it
03:00 - Exploit the lab using Burp Suite Pro
12:58 - Script the exploit (without Burp Suite Pro)
23:00 - Summary
23:16 - Thank You
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
CSRF Theory video (previous video): TBA
HTML script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/csrf/lab-01/csrf-lab01.html
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/csrf/lab-01/notes.txt
Web Security Academy Youtube Video Series Release Schedule: https://docs.google.com/spreadsheets/d/16ypyLuDq2DZ1JAz_WvL1ZV-WiDWhvomgrK_1Hux4MFY/edit#gid=0
Web Security Academy: https://portswigger.net/web-security/csrf/lab-no-defenses
Rana's Twitter account: https://twitter.com/rana__khalil