When a cross-site scripting (XSS) attack vector is in place, it's fairly trivial to bypass cross-site request forgery (CSRF) protection. In this lab we will be exploiting XSS to perform CSRF and change the email associated with the victim's account.
00:00 Introduction
00:15 Change email functionality
01:55 Accessing the CSRF token
03:11 Analysing the payload
05:40 Deploying the exploit
06:46 Relevance of the exploit