Cross-Site Request Forgery (CSRF) Explained

Показать описание

💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:

JOIN DISCORD:

🆓 🆓 🆓 $200 DigitalOcean Credit:

💬 Social Media

Timestamp
----
00:00 - Introduction
00:06 - Importance of understanding CSRF in bug bounty hunting and pentesting.
04:50 - Risk of unauthorized access due to lack of CSRF protection and reliance on current password.
07:16 - Testing different methods to bypass CSRF protection on a website.
09:34 - Identifying and exploiting CSRF vulnerability by manipulating CSRF token and parameters.

#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp

NahamSec

Рекомендации по теме

Комментарии

Wow... This is amazing!!! I have been struggling trying to understand CSRF attacks. This video has helped a lot. Thank you Ben for these amazing videos.

santiagotaboada

Thanks as usual Ben, You're still da man bro :) I've been having some medical issues lately so I'm in the 10 possibly even15 week program but it's ok i could never work for you at this point in time anyways. I'm sure you wouldn't remember but last year about this time I commented on a video saying i was a 51yr old paraplegic who didn't know Linux, the terminal, heck i never even used a computer the only tech i new was my cell and how to email someone on it 🤷‍♂🤦‍♂. I seen one of your videos and thought i can learn bug bounty and make money from home because I'm stuck in a nursing home so i am going to teach myself so i can pay for help and get my own place. I'm proud to say I'm on my way since I'm teaching myself everything i gave 1.5 to 2 years where i can learn enough to make steady money to go with my SS check not a million dollar hacker like you but steady money and I'm proud to say I'm on track chugging along slow but steady :)

MFoster

The question of "so what" (1:52), or as I like to ask about nearly everything in life, "who cares?" If people care about the vulnerability then it gains severity. The more "destructive" you can pitch the vulnerability as the higher the severity and two low severity vulns could easily become a critical vuln if combo'd so don't just report low bugs, you are only screwing yourself over.

papafhill

5WP and thanks for the content as always! Hope to meet you at Defcon

MarkFoudy

Thanks for video, 👍 but what happened to Q&A video on CSRF ....? it is marked as private.... Will it be available sooner?

vis

hallo ben thanks for making this video, I want to ask you how to execute csrf on graphql?

vallerioalvaren

I started to watch all your 5w from xss, and i have a question, where can i find my first vulnerability, i know how does this vulnerability loo k like but i dont know where should i looking for them, mayby every web page i working with?

sQbhAn

from 5wp. tnx a lot 'soltan' nahamsec

bigbugbang-lrsy

I cannot reproduce what you are doing on notifications / email, I cannot change anything

RealEyes

5WP - thanks for the video, time to go see how good coca-cola is at csrf protections!

DanMulvey

I don’t understand . You talk and explain the concept so fast that i can’t even comprehend what is going on

programmerbully

I could not understand the part where you framed an HTML element using <img/src> tag. I tried opening it and was unable to execute the action that I intended to. My second question isa if I were to delete any user info I would not have the access to the other user's account usually. How would I find the id value in that case.

adhishrikothiyal.dreamz