all InfoSec news
Portswigger’s Lab write up: CSRF vulnerability with no defenses
Sept. 17, 2022, 7:27 p.m. | Christian Paez
DEV Community dev.to
In this apprentice-level lab, we will exploit a site that contains a CSRF vulnerability in its email change functionality.
After signing in and trying to update our account's email to something like 'test@gmail.com', we can see the following request in the Network tab of our browser or Burpsuite Intercept:
POST /my-account/change-email HTTP/1.1
Host: [0a9a0027047d6aaec1fa58be003b00b3.web-security-academy.net](<http://0a9a0027047d6aaec1fa58be003b00b3.web-security-academy.net/>)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 22
Origin: [<https://0a9a0027047d6aaec1fa58be003b00b3.web-security-academy.net>](<https://0a9a0027047d6aaec1fa58be003b00b3.web-security-academy.net/>) …
More from dev.to / DEV Community
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Regional Leader, Cyber Crisis Communications
@ Google | United Kingdom
Regional Intelligence Manager, Compliance, Safety and Risk Management
@ Google | London, UK
Senior Analyst, Endpoint Security
@ Scotiabank | Toronto, ON, CA, M1K5L1
Software Engineer, Security/Privacy, Google Cloud
@ Google | Bengaluru, Karnataka, India
Senior Security Engineer
@ Coinbase | Remote - USA