CSRF - Lab #2 CSRF where token validation depends on request method | Short Version
Description
In this video, we cover Lab #2 in the CSRF module of the Web Security Academy. This lab's email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only applies defenses to certain types of requests. To solve the lab, we craft some HTML that uses a CSRF attack to change the viewer's email address and upload it to our exploit server.
▬ Links ▬▬▬▬▬▬▬▬▬▬
CSRF Lab #2 long video: https://www.youtube.com/watch?v=5RokLvsKeRU&ab_channel=RanaKhalil
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/csrf/lab-02/notes.txt
CSRF Lab #1 (previous video): https://www.youtube.com/watch?v=BBosVSNiJdM&ab_channel=RanaKhalil
CSRF theory video: https://www.youtube.com/watch?v=7bTNMSqCMI0&ab_channel=RanaKhalil
Web Security Academy Youtube Video Series Release Schedule: https://docs.google.com/spreadsheets/d/16ypyLuDq2DZ1JAz_WvL1ZV-WiDWhvomgrK_1Hux4MFY/edit#gid=0
Web Security Academy: https://portswigger.net/web-security/csrf/lab-token-validation-depends-on-request-method
Rana's Twitter account: https://twitter.com/rana__khalil