CSRF - Lab #1 CSRF vulnerability with no defenses | Short Version

In this video, we cover Lab #1 in the CSRF module of the Web Security Academy. This lab's email change functionality is vulnerable to CSRF. To solve the lab, we craft some HTML that uses a CSRF attack to change the viewer's email address and upload it to to our exploit server. ▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬ Buy my course: https://academy.ranakhalil.com/p/web-... ▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬ Long version of the video:    • CSRF - Lab #1 CSRF vulnerability with no d...   CSRF theory video (previous video):    • Cross-Site Request Forgery (CSRF) | Comple...   Notes.txt document: https://github.com/rkhal101/Web-Secur... Web Security Academy Youtube Video Series Release Schedule: https://docs.google.com/spreadsheets/... Web Security Academy: https://portswigger.net/web-security/... Rana's Twitter account:   / rana__khalil  

Join Today
CSRF - Lab #2 CSRF where token validation depends on request method | Short Version
▶︎

CSRF - Lab #2 CSRF where token validation depends on request method | Short Version

CSRF - Lab #1 CSRF vulnerability with no defenses | Long Version
▶︎

CSRF - Lab #1 CSRF vulnerability with no defenses | Long Version

CSRF - Lab #2 CSRF where token validation depends on request method | Long Version
▶︎

CSRF - Lab #2 CSRF where token validation depends on request method | Long Version

Why Aliens Would NEVER Invade Africa
▶︎

Why Aliens Would NEVER Invade Africa

LAWYER: If Cops Ask "Where Are You Coming From?" - Say These Words
▶︎

LAWYER: If Cops Ask "Where Are You Coming From?" - Say These Words

Business Logic Vulnerabilities - Lab #2 High-level logic vulnerability | Long Version
▶︎

Business Logic Vulnerabilities - Lab #2 High-level logic vulnerability | Long Version

SSRF Lab 2 - Basic SSRF against another back-end system (2 Solution Methods)
▶︎

SSRF Lab 2 - Basic SSRF against another back-end system (2 Solution Methods)

CSRF - Lab #5 CSRF where token is tied to non-session cookie | Short Version
▶︎

CSRF - Lab #5 CSRF where token is tied to non-session cookie | Short Version

CSRF - Lab #3 CSRF where token validation depends on token being present | Long Version
▶︎

CSRF - Lab #3 CSRF where token validation depends on token being present | Long Version

Norwegen – Frankreich Highlights | Gruppe I, FIFA WM 2026 | sportstudio
▶︎

Norwegen – Frankreich Highlights | Gruppe I, FIFA WM 2026 | sportstudio

SUMMER DEEP HOUSE Musics Mix 2026 ♫ Bruno Mars, Lady Gaga,Dua Lipa, Adele,Ed Sheeran, The Weeknd #10
▶︎

SUMMER DEEP HOUSE Musics Mix 2026 ♫ Bruno Mars, Lady Gaga,Dua Lipa, Adele,Ed Sheeran, The Weeknd #10

Cross Site Request Forgery - Computerphile
▶︎

Cross Site Request Forgery - Computerphile

Uruguay – Spanien Highlights | Gruppe H, FIFA WM 2026 | sportstudio
▶︎

Uruguay – Spanien Highlights | Gruppe H, FIFA WM 2026 | sportstudio

Cross-Site Request Forgery (CSRF) | Complete Guide
▶︎

Cross-Site Request Forgery (CSRF) | Complete Guide

Avicii, Dua Lipa, Coldplay, Martin Garrix & Kygo, The Chainsmokers Style - Summer Vibes #21
▶︎

Avicii, Dua Lipa, Coldplay, Martin Garrix & Kygo, The Chainsmokers Style - Summer Vibes #21

CSRF - Lab #4 CSRF where token is not tied to user session | Long Version
▶︎

CSRF - Lab #4 CSRF where token is not tied to user session | Long Version

Uninterrupted Deep Work Mix ~ Immersive Productivity Soundscape ~ Neural Focus Study Music
▶︎

Uninterrupted Deep Work Mix ~ Immersive Productivity Soundscape ~ Neural Focus Study Music

CSRF - CSRF where Token is Duplicated in Cookie
▶︎

CSRF - CSRF where Token is Duplicated in Cookie

Complete GitHub Actions Course - From BEGINNER to PRO
▶︎

Complete GitHub Actions Course - From BEGINNER to PRO