
The Hidden CSRF Vulnerability: Why Testing Every Endpoint Matters! (A Must-Watch Lesson) | 2024 

BePractical
18K subscribers
2.6K views

In this eye-opening video, we dive into the world of cybersecurity and uncover a surprising CSRF vulnerability that allowed me to manipulate sensitive data. Join me as we explore why testing every endpoint is crucial and how even seemingly harmless parameters can pose a serious risk. Stay tuned to learn valuable lessons on safeguarding against such exploits and always thinking like a hacker to protect your systems effectively. Don't miss out on this essential knowledge to bolster your cybersecurity defenses!
Website: bepractical.tech
Telegram: telegram.me/bepracticaltech
Previous Video: • Bug Bounty: Best Way T...
The Art Of Web Reconnaissance:
www.udemy.com/course/the-art-...
Hacking Windows with Python from Scratch: www.udemy.com/course/hacking-...
The Ultimate Guide to Hunt Account Takeover:
www.udemy.com/course/the-ulti...

Category: Science

Published: 15 Jun 2024

Comments: 35
@BePracticalTech 13 days ago
Telegram channel link: telegram.me/bepracticaltech
@adhitamaputra-73 8 days ago
.b.i.n.a. .s.a.r.a.n.a. .i.n.f.o.r.m.a.t.i.k.a.
@eyezikandexploits 10 days ago
Great video man
@entertainment_in_blood 9 days ago
So if we find a CSRF token used in the request, a JWT token, or JSON data, we can determine that it's not vulnerable to CSRF and we can move on. But can you explain more parameters through which we can determine that it's not vulnerable to CSRF?
@mohan9097 1 day ago
Let's assume we have 2 accounts, the attacker account in Firefox and the victim account in Chrome. Now from the attacker account we remove the UPI, capture that request in Burp and generate a CSRF PoC. Now if we open the csrfpoc.html file in the Chrome browser, will the victim's UPI get removed? That's how the impact goes high, because removing our own UPI will not be high impact, right? Please explain this to me. I am asking because there is a unique cookie going to the server to authorize. Please explain.
@vijay_sawant 13 days ago
Thank you
@BePracticalTech 13 days ago
You're welcome!
@gowtham8774 11 days ago
Can you please make a video on HTTP request smuggling?
@ashikrahman1036 13 days ago
Happy Eid bro ❤ and thanks for this tutorial...
@BePracticalTech 13 days ago
Thank you so much for the wishes!
@eyezikandexploits 10 days ago
Question: how can you tell from the request that it'd allow a CSRF? I noticed none of the responses showed a SameSite param or anything like that, even when adding the email. What's the difference in the responses that allow CSRF, besides it being GET vs POST? Is that the only difference?
@BePracticalTech 10 days ago
I didn't get you. Please explain again.
@user-yo5lx4gm1o 12 days ago
Which tool have you used for checking requests ("Intercept")?
@BePracticalTech 12 days ago
Burp Suite
@Ankitverma-yc7zf 13 days ago
Buddy, make a video on the JSON content-type in CSRF showing how to bypass this.
@l00pzwastaken 13 days ago
In this target 🎯 are you able to remove everyone's data? If yes, then that is token based for the session, so how are you able to remove it?
@BePracticalTech 13 days ago
As shown in the video, this is a CSRF vulnerability, which means that the victim needs to click on the "submit" button and that will remove the UPI ID from this web app.
@nikilmuchur4031 10 days ago
I need help. Please tell me how to do this, please explain in your simple words. By tonight I have to complete this Vulnerability Assessment and Remediation Scenario: Create your own simulated network environment containing several security vulnerabilities. Your task is to identify, document, and propose remediation for these vulnerabilities. Tasks:
o Perform a vulnerability scan using tools.
o Identify and document all vulnerabilities found.
o For each vulnerability, provide:
▪ A description of the vulnerability.
▪ The potential impact on the system.
▪ Steps for remediation.
@nikilmuchur4031 10 days ago
I'm unable to install Kali Linux on my laptop... so it's a big issue...
@BePracticalTech 9 days ago
Try using a live persistent Kali Linux.
@uttarkhandcooltech1237 13 days ago
Love you bhai, happy Eid bhai jaan ❤❤❤ nice 👍🏼
@BePracticalTech 13 days ago
You too... Thanks for the wishes!
@AKGaming0 13 days ago
Do you have a Discord server?
@ashfaquejahan8879 13 days ago
❤❤❤❤
@Prince-zu5uj 13 days ago
Are you able to remove anyone's account UPI?
@BePracticalTech 13 days ago
Yes
@newuser2474 13 days ago
Are JWT tokens vulnerable to CSRF?
@BePracticalTech 13 days ago
Not at all. Normally, the AJAX request fetches the token and then uses it for the rest of the requests. Therefore they are usually safe from CSRF.
@newuser2474 13 days ago
@BePracticalTech thanks!
@SecureByBhavesh 13 days ago
First
@AKGaming0 13 days ago
You need a cookie for removing the UPI ID, so this is not a big issue in my opinion.
@BePracticalTech 13 days ago
This is a CSRF vulnerability. As shown in the video, I was able to remove the UPI ID.
@AKGaming0 13 days ago
@BePracticalTech this content is very high-quality. There is no doubt about it.
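As an added example (not code from the video or from BePractical), here is a Python sketch of the point made in the two answers above: the "remove UPI" endpoint is exposed to CSRF precisely because the browser attaches the session cookie to any cross-site form post on its own, whereas a token the page fetches via AJAX and sends in a header (the JWT case) is never attached automatically. The session store, the origins, the header names and the hardened handler are all assumptions for illustration, not the target app's.

```python
import secrets
from dataclasses import dataclass, field

SESSIONS: dict[str, dict] = {}  # constructed in-memory session store (server-side state)
APP_ORIGIN = "https://app.example"  # assumed origin of the legitimate web app

def new_session(user: str, upi: str) -> str:
    """Log a user in: store the UPI, mint a per-session CSRF token, return the cookie value."""
    cookie = secrets.token_urlsafe(16)
    SESSIONS[cookie] = {"user": user, "upi": upi, "csrf": secrets.token_hex(16)}
    return cookie

@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)

def forged_request(cookie: str) -> Request:
    """What the victim's browser emits when a third-party page auto-submits a form to the
    endpoint: cookie attached automatically, third-party Origin, no custom header possible."""
    return Request("POST", {"session": cookie}, {"Origin": "https://third-party.example"})

def legit_request(cookie: str) -> Request:
    """From the app's own page: same cookie, app Origin, token fetched via AJAX sent in a header."""
    token = SESSIONS[cookie]["csrf"]
    return Request("POST", {"session": cookie}, {"Origin": APP_ORIGIN, "X-CSRF-Token": token})

def remove_upi_cookie_only(req: Request) -> tuple[int, str]:
    """The pattern from the video: the state change is authorised by the session cookie alone."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if req.method != "POST" or sess is None:
        return 403, "no session"
    sess["upi"] = None
    return 200, "removed"

def remove_upi_hardened(req: Request) -> tuple[int, str]:
    """Same endpoint with two independent CSRF defences layered on top of the cookie."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if req.method != "POST" or sess is None:
        return 403, "no session"
    # 1. Origin check: browsers set Origin on cross-site POSTs and scripts cannot override it.
    if req.headers.get("Origin") != APP_ORIGIN:
        return 403, "bad origin"
    # 2. Synchronizer token in a header: a forged form post arrives without it; constant-time compare.
    if not secrets.compare_digest(req.headers.get("X-CSRF-Token", ""), sess["csrf"]):
        return 403, "bad token"
    sess["upi"] = None
    return 200, "removed"
```

Either defence alone would stop the forged post; a SameSite=Lax or Strict cookie would be a third, since the browser then would not attach the cookie to the cross-site POST at all.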
@codevibe007 6 days ago
Where can I contact you, sir? I want to ask you something.
@BePracticalTech 6 days ago
business@bepractical.tech