so if we find CSRFTOKEN used in the request, JWT token, JSON data.. we can determine that it s not vulnrable to CSRF And we can moveon.. but can you explain more parameter through which we can determine that its not vuln to CSRF..
Question, how can you tell in the request that itd allow for a csrf i noticed none of the responses showed a samesite param or anything like that, even when adding the email. Whats the difference in the responses that allow for csrf besides it being GET and POST, is that the only difference?
Lets assume we have 2 accounts, attacker account in firefox and victim account in chrome. Now from the attacker account, we remove the upi and capture that request in burp and generated an csrf POC. Now if we open csrfpoc.html file in chrome browser, will the victim's upi gets removed ? Thats how the impact goes high because removing our own upi will not be an high impact right ? Please explain me on this. I am asking this because, There is a unique cookie going to the server to authorize..please explain
Yes, you are correct! Once we have identified the csrf vulnerability, we will simply send the html form to the victim. Once the victim clicks on the submit button, their upi id will be removed!
As shown in the video, this is a csrf vulnerability which means that the victim needs to click on the "submit" button and that will remove the upi id from this web app.
I need help please tell me how to do this, please explain in ur simple words.. by tonight i have to complete this Vulnerability Assessment and Remediation Scenario: Create your own simulated network environment containing several security vulnerabilities. Your task is to identify, document, and propose remediation for these vulnerabilities. Tasks: o Perform a vulnerability scan using tools . o Identify and document all vulnerabilities found. o For each vulnerability, provide: ▪ A description of the vulnerability. ▪ The potential impact on the system. ▪ Steps for remediation.
Telegram channel link: telegram.me/bepracticaltech
.b.i.n.a. .s.a.r.a.n.a. .i.n.f.o.r.m.a.t.i.k.a.
so if we find CSRFTOKEN used in the request, JWT token, JSON data.. we can determine that it s not vulnrable to CSRF And we can moveon.. but can you explain more parameter through which we can determine that its not vuln to CSRF..
Question, how can you tell in the request that itd allow for a csrf i noticed none of the responses showed a samesite param or anything like that, even when adding the email. Whats the difference in the responses that allow for csrf besides it being GET and POST, is that the only difference?
Didn't get you. Please explain again
Thank you
You're welcome!
Lets assume we have 2 accounts, attacker account in firefox and victim account in chrome. Now from the attacker account, we remove the upi and capture that request in burp and generated an csrf POC. Now if we open csrfpoc.html file in chrome browser, will the victim's upi gets removed ?
Thats how the impact goes high because removing our own upi will not be an high impact right ? Please explain me on this.
I am asking this because, There is a unique cookie going to the server to authorize..please explain
Yes, you are correct! Once we have identified the csrf vulnerability, we will simply send the html form to the victim. Once the victim clicks on the submit button, their upi id will be removed!
Which tool have you used for checking requets "Intercept"
Burpsuite
Great video man
happy eid bro❤
and thanks for this tutorial...
Thank you so much for the wishes!
hey bud thanks for the video
In this Target 🎯 you are able to remove everyones data ? If yes then that is token based for session then how you are able to remove it?
As shown in the video, this is a csrf vulnerability which means that the victim needs to click on the "submit" button and that will remove the upi id from this web app.
I need help please tell me how to do this, please explain in ur simple words.. by tonight i have to complete this
Vulnerability Assessment and Remediation Scenario: Create your own simulated network environment containing several security vulnerabilities. Your task is to identify, document, and propose remediation for these vulnerabilities. Tasks: o Perform a vulnerability scan using tools . o Identify and document all vulnerabilities found. o For each vulnerability, provide: ▪ A description of the vulnerability. ▪ The potential impact on the system. ▪ Steps for remediation.
I unable to install kali Linux in my laptop...so big issue...
Try using live persistent kali linux
Can you please make a video for http request smuggling?
buddy make a video for json content-type in CSRF showing how to bypass this.
U able to remove anyone account upi?
Yess
Are jwt token vulnerable to csrf
Not at all. Normally, the ajax request fetch the token and then use it for the rest of the requests. Therefore they are usually safe from CSRF
@@BePracticalTech thanks!
The main thing here is that "attributes cookies doesn't have same site" you didn't explain it.
Love you bhai happ Eid bhai jaan ❤❤❤ nice 👍🏼
You too.. Thanks for the wishes!
Do you have discord server?
batman yadav
❤❤❤❤
First
where i can contact you sir i asking somthing to you
business@bepractical.tech
You need a cookie for removing the UPI I'd, this not big issue in my opinion
This is a CSRF vulnerability. As shown in the video, I was able to remove the UPI id.
@@BePracticalTech this content is very high-quality. There is no doubt about it.