The Hidden CSRF Vulnerability: Why Testing Every Endpoint Matters! (A Must-Watch Lesson) | 2024
Рет қаралды 4,161
Күн бұрынIn this eye-opening video, we dive into the world of cybersecurity and uncover a surprising CSRF vulnerability that allowed me to manipulate sensitive data. Join me as we explore why testing every endpoint is crucial and how even seemingly harmless parameters can pose a serious risk. Stay tuned to learn valuable lessons on safeguarding against such exploits and always thinking like a hacker to protect your systems effectively. Don't miss out on this essential knowledge to bolster your cybersecurity defenses!
Website: bepractical.tech
Telegram: telegram.me/be...
Previous Video: • Bug Bounty: Best Way T...
The Art Of Web Reconnaissance:
www.udemy.com/...
Hacking Windows with Python from Scratch: www.udemy.com/...
The Ultimate Guide to Hunt Account Takeover:
www.udemy.com/...
@BePracticalTech 2 ай бұрын
Telegram channel link: telegram.me/bepracticaltech
@adhitamaputra-73 2 ай бұрын
.b.i.n.a. .s.a.r.a.n.a. .i.n.f.o.r.m.a.t.i.k.a.
@entertainment_in_blood 2 ай бұрын
so if we find CSRFTOKEN used in the request, JWT token, JSON data.. we can determine that it s not vulnrable to CSRF And we can moveon.. but can you explain more parameter through which we can determine that its not vuln to CSRF..
@vijay_sawant 2 ай бұрын
Thank you
@BePracticalTech 2 ай бұрын
You're welcome!
@eyezikandexploits 2 ай бұрын
Great video man
@user-mo8uj9vq5u Ай бұрын
hey bud thanks for the video
@IllIIIIIIllll Ай бұрын
The main thing here is that "attributes cookies doesn't have same site" you didn't explain it.
@ashikrahman1036 2 ай бұрын
happy eid bro❤ and thanks for this tutorial...
@BePracticalTech 2 ай бұрын
Thank you so much for the wishes!
@eyezikandexploits 2 ай бұрын
Question, how can you tell in the request that itd allow for a csrf i noticed none of the responses showed a samesite param or anything like that, even when adding the email. Whats the difference in the responses that allow for csrf besides it being GET and POST, is that the only difference?
@BePracticalTech 2 ай бұрын
Didn't get you. Please explain again
@gowtham8774 2 ай бұрын
Can you please make a video for http request smuggling?
@user-yo5lx4gm1o 2 ай бұрын
Which tool have you used for checking requets "Intercept"
@BePracticalTech 2 ай бұрын
Burpsuite
@mohan9097 2 ай бұрын
Lets assume we have 2 accounts, attacker account in firefox and victim account in chrome. Now from the attacker account, we remove the upi and capture that request in burp and generated an csrf POC. Now if we open csrfpoc.html file in chrome browser, will the victim's upi gets removed ? Thats how the impact goes high because removing our own upi will not be an high impact right ? Please explain me on this. I am asking this because, There is a unique cookie going to the server to authorize..please explain
@BePracticalTech 2 ай бұрын
Yes, you are correct! Once we have identified the csrf vulnerability, we will simply send the html form to the victim. Once the victim clicks on the submit button, their upi id will be removed!
@Ankitverma-yc7zf 2 ай бұрын
buddy make a video for json content-type in CSRF showing how to bypass this.
@nikilmuchur4031 2 ай бұрын
I need help please tell me how to do this, please explain in ur simple words.. by tonight i have to complete this Vulnerability Assessment and Remediation Scenario: Create your own simulated network environment containing several security vulnerabilities. Your task is to identify, document, and propose remediation for these vulnerabilities. Tasks: o Perform a vulnerability scan using tools . o Identify and document all vulnerabilities found. o For each vulnerability, provide: ▪ A description of the vulnerability. ▪ The potential impact on the system. ▪ Steps for remediation.
@nikilmuchur4031 2 ай бұрын
I unable to install kali Linux in my laptop...so big issue...
@BePracticalTech 2 ай бұрын
Try using live persistent kali linux
@l00pzwastaken 2 ай бұрын
In this Target 🎯 you are able to remove everyones data ? If yes then that is token based for session then how you are able to remove it?
@BePracticalTech 2 ай бұрын
As shown in the video, this is a csrf vulnerability which means that the victim needs to click on the "submit" button and that will remove the upi id from this web app.
@AKGaming0 2 ай бұрын
Do you have discord server?
@uttarkhandcooltech1237 2 ай бұрын
Love you bhai happ Eid bhai jaan ❤❤❤ nice 👍🏼
@BePracticalTech 2 ай бұрын
You too.. Thanks for the wishes!
@Prince-zu5uj 2 ай бұрын
U able to remove anyone account upi?
@BePracticalTech 2 ай бұрын
Yess
@newuser2474 2 ай бұрын
Are jwt token vulnerable to csrf
@BePracticalTech 2 ай бұрын
Not at all. Normally, the ajax request fetch the token and then use it for the rest of the requests. Therefore they are usually safe from CSRF
@newuser2474 2 ай бұрын
@@BePracticalTech thanks!
@jahanajj 2 ай бұрын
❤❤❤❤
@SecureByBhavesh 2 ай бұрын
First
@AKGaming0 2 ай бұрын
You need a cookie for removing the UPI I'd, this not big issue in my opinion
@BePracticalTech 2 ай бұрын
This is a CSRF vulnerability. As shown in the video, I was able to remove the UPI id.
@AKGaming0 2 ай бұрын
@@BePracticalTech this content is very high-quality. There is no doubt about it.
@codevibe007 2 ай бұрын
where i can contact you sir i asking somthing to you
@BePracticalTech 2 ай бұрын
business@bepractical.tech
Bug Bounty Reports Explained
Рет қаралды 7 М.
mufazmi
Рет қаралды 1,8 М.
BePractical
Рет қаралды 2,6 М.
BePractical
Рет қаралды 18 М.