Business inquiries and collaborations: business@bepractical.tech
BePractical is your ultimate go-to for all things cybersecurity, bug bounty, ethical hacking, penetration testing and more. Subscribe to our channel and become a cybersecurity pro!
Lets assume we have 2 accounts, attacker account in firefox and victim account in chrome. Now from the attacker account, we remove the upi and capture that request in burp and generated an csrf POC. Now if we open csrfpoc.html file in chrome browser, will the victim's upi gets removed ? Thats how the impact goes high because removing our own upi will not be an high impact right ? Please explain me on this. I am asking this because, There is a unique cookie going to the server to authorize..please explain
Excellent video 📹 brother. How to find vulnerable parameters and endpoints. I found many endpoints and parameters from paramspider collector parameth arjun x8, etc, but all of them failed in sqlmap or Ghauri because they are not injectable. How to solve this crucial problem. Thanks for your help and support. 🎉❤
so if we find CSRFTOKEN used in the request, JWT token, JSON data.. we can determine that it s not vulnrable to CSRF And we can moveon.. but can you explain more parameter through which we can determine that its not vuln to CSRF..
I need help please tell me how to do this, please explain in ur simple words.. by tonight i have to complete this Vulnerability Assessment and Remediation Scenario: Create your own simulated network environment containing several security vulnerabilities. Your task is to identify, document, and propose remediation for these vulnerabilities. Tasks: o Perform a vulnerability scan using tools . o Identify and document all vulnerabilities found. o For each vulnerability, provide: ▪ A description of the vulnerability. ▪ The potential impact on the system. ▪ Steps for remediation.
Thank you so much for this video, i was having one doubt that. If they are using XSRF token in cookies: header then, that is sufficient for csrf or not?
Question, how can you tell in the request that itd allow for a csrf i noticed none of the responses showed a samesite param or anything like that, even when adding the email. Whats the difference in the responses that allow for csrf besides it being GET and POST, is that the only difference?
Dude, I'm a big fan and I admire and inspire me, your work, I would like you to help me find simpler sites like this. Generally, my targets are very well protected, but it's possible to overcome them. them and this takes much more time than in simpler systems, I have little experience but I have already found some cool vulnerabilities, I still can't afford better education in cybersecurity, I would be very happy and I'm sure that the entire community that is also starting out would be very happy and would help a lot, thank you for everything, I hope you read it
As shown in the video, this is a csrf vulnerability which means that the victim needs to click on the "submit" button and that will remove the upi id from this web app.