Lets assume we have 2 accounts, attacker account in firefox and victim account in chrome. Now from the attacker account, we remove the upi and capture that request in burp and generated an csrf POC. Now if we open csrfpoc.html file in chrome browser, will the victim's upi gets removed ? Thats how the impact goes high because removing our own upi will not be an high impact right ? Please explain me on this. I am asking this because, There is a unique cookie going to the server to authorize..please explain

Excellent, thanks

i follow exactly your steps but when i activate the tunneling, i cant connect to internet. Can't figure out what the problem should be. Any ideas?

is there any reference report for the same ?

Hi sir I was found a "CAPTCHA_TOKEN" in js file it is image of form vulnerability are not i can report are tell me sir

You are insane Mann I love the way you teach 😊😊😊

Whats the ip displayed when we ping the website ?

where i can contact you sir i asking somthing to you

please do a video about how we check false positive or not

Excellent video 📹 brother. How to find vulnerable parameters and endpoints. I found many endpoints and parameters from paramspider collector parameth arjun x8, etc, but all of them failed in sqlmap or Ghauri because they are not injectable. How to solve this crucial problem. Thanks for your help and support. 🎉❤

beautiful bro!!!!

so if we find CSRFTOKEN used in the request, JWT token, JSON data.. we can determine that it s not vulnrable to CSRF And we can moveon.. but can you explain more parameter through which we can determine that its not vuln to CSRF..

Thanks bro

I need help please tell me how to do this, please explain in ur simple words.. by tonight i have to complete this Vulnerability Assessment and Remediation Scenario: Create your own simulated network environment containing several security vulnerabilities. Your task is to identify, document, and propose remediation for these vulnerabilities. Tasks: o Perform a vulnerability scan using tools . o Identify and document all vulnerabilities found. o For each vulnerability, provide: ▪ A description of the vulnerability. ▪ The potential impact on the system. ▪ Steps for remediation.

Thank you so much for this video, i was having one doubt that. If they are using XSRF token in cookies: header then, that is sufficient for csrf or not?

Question, how can you tell in the request that itd allow for a csrf i noticed none of the responses showed a samesite param or anything like that, even when adding the email. Whats the difference in the responses that allow for csrf besides it being GET and POST, is that the only difference?

Great video man

Great video, its explained very well

Can you please make a video for http request smuggling?

Thanks for showing us how easy it is to do this. Does anyone know about code obfuscation tools that would prevent something like?

Xxs script executed status code 200 but no output . Is it blind xss or any other

quality content. i always prefer manual rather than automated

What is the impact sir?

Dude, I'm a big fan and I admire and inspire me, your work, I would like you to help me find simpler sites like this. Generally, my targets are very well protected, but it's possible to overcome them. them and this takes much more time than in simpler systems, I have little experience but I have already found some cool vulnerabilities, I still can't afford better education in cybersecurity, I would be very happy and I'm sure that the entire community that is also starting out would be very happy and would help a lot, thank you for everything, I hope you read it

Which tool have you used for checking requets "Intercept"

Do you have discord server?

In this Target 🎯 you are able to remove everyones data ? If yes then that is token based for session then how you are able to remove it?

You need a cookie for removing the UPI I'd, this not big issue in my opinion

happy eid bro❤ and thanks for this tutorial...

buddy make a video for json content-type in CSRF showing how to bypass this.

Really Helpful! Thank you!

how can i bypass html entity encoding

Love you bhai happ Eid bhai jaan ❤❤❤ nice 👍🏼

U able to remove anyone account upi?

Are jwt token vulnerable to csrf

❤❤❤❤

Telegram channel link: telegram.me/bepracticaltech

Thank you

First

got it ! Great explanation

where is the lab or source code?

Thanks!!!

if <> this symbol block what can do

Please upload a video on contentfull cms pen test

Please make a video xxe basic and next level