Cross Site Request Forgery (CSRF)
Apr 6, 2023
What is a CSRF attack?
CSRF is an attack in which the attacker causes the victim user to carry out an action unintentionally while that user is authenticated.
CSRF Conditions
For a CSRF attack to be possible, three key conditions must be in place:
- A relevant action
- Cookie based session handling
- No unpredictable request parameters
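
Of the three conditions, the third is the one a server can remove most directly. The Python example below is added here and is not from the original post or the lab: it requires an unpredictable, session-bound token on an email-change request, so a request that carries only the cookie is rejected. The handler name `handle_change_email`, `SERVER_KEY`, the `csrf` field name and the sample sessions are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed for this example; a real app loads this from protected config.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> bytes:
    # Fixed-length nonce first, so the MAC input parses unambiguously.
    msg = f"{nonce}|{session_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_csrf_token(session_id: str) -> str:
    """Unpredictable per-session token, embedded in the form the server renders."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce).decode()}"


def csrf_token_valid(session_id: str, token) -> bool:
    """True only if the token was issued for this exact session."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    if len(nonce) != 32:
        return False
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce))


def handle_change_email(cookies: dict, form: dict, accounts: dict) -> int:
    """Hypothetical email-change handler; returns an HTTP status code."""
    session_id = cookies.get("session")
    if session_id not in accounts:
        return 401
    # Cookie is auto-attached by the browser; the body token is what proves intent.
    if not csrf_token_valid(session_id, form.get("csrf")):
        return 403
    if not form.get("email"):
        return 400
    accounts[session_id]["email"] = form["email"]
    return 200


if __name__ == "__main__":
    accounts = {"sess-A": {"email": "old@example.test"}}  # constructed data
    cookie, form = {"session": "sess-A"}, {"email": "new@example.test"}
    print(handle_change_email(cookie, form, accounts))  # request without a token
    form["csrf"] = issue_csrf_token("sess-A")
    print(handle_change_email(cookie, form, accounts))  # request with a valid token
```

Because the token is bound to the session with an HMAC, a token issued for one session is rejected when it is presented alongside another session's cookie.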
In this blog I mention how to check for a CSRF vulnerability in @PortSwigger
Lab #1
Vulnerable parameter — email change functionality
Goal — exploit the CSRF vulnerability and change email address
Credentials — wiener:peter