CSRF - Lab #2 CSRF where token validation depends on request method | Short Version

In this video, we cover Lab #2 in the CSRF module of the Web Security Academy. This lab's email change functionality is vulnerable to CSRF. It attempts to block CSRF attacks, but only applies defenses to certain types of requests. To solve the lab, we craft some HTML that uses a CSRF attack to change the viewer's email address and upload it to to our exploit server. ▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬ Buy my course: https://academy.ranakhalil.com/p/web-... ▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬ CSRF Lab #2 long video:    • CSRF - Lab #2 CSRF where token validation ...   Notes.txt document:https://github.com/rkhal101/Web-Secur... CSRF Lab #1 (previous video):    • CSRF - Lab #1 CSRF vulnerability with no d...   CSRF theory video:    • Cross-Site Request Forgery (CSRF) | Comple...   Web Security Academy Youtube Video Series Release Schedule: https://docs.google.com/spreadsheets/... Web Security Academy: https://portswigger.net/web-security/... Rana's Twitter account:   / rana__khalil  

Join Today
CSRF - Lab #3 CSRF where token validation depends on token being present | Short Version
▶︎

CSRF - Lab #3 CSRF where token validation depends on token being present | Short Version

CSRF - Lab #1 CSRF vulnerability with no defenses | Short Version
▶︎

CSRF - Lab #1 CSRF vulnerability with no defenses | Short Version

CSRF - Lab #2 CSRF where token validation depends on request method | Long Version
▶︎

CSRF - Lab #2 CSRF where token validation depends on request method | Long Version

CSRF Where Token Validation Depends on Request Method
▶︎

CSRF Where Token Validation Depends on Request Method

Android 17 sucks. So I put Linux on a phone.
▶︎

Android 17 sucks. So I put Linux on a phone.

CSRF - Lab #5 CSRF where token is tied to non-session cookie | Short Version
▶︎

CSRF - Lab #5 CSRF where token is tied to non-session cookie | Short Version

Lab: CSRF where token validation depends on request method | Burp Suite | Portswigger
▶︎

Lab: CSRF where token validation depends on request method | Burp Suite | Portswigger

CSRF - Lab #3 CSRF where token validation depends on token being present | Long Version
▶︎

CSRF - Lab #3 CSRF where token validation depends on token being present | Long Version

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!
▶︎

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

Lab: CSRF with SameSite Strict BYPASS via client-side redirect
▶︎

Lab: CSRF with SameSite Strict BYPASS via client-side redirect

Uninterrupted Deep Work Mix ~ Immersive Productivity Soundscape ~ Neural Focus Study Music
▶︎

Uninterrupted Deep Work Mix ~ Immersive Productivity Soundscape ~ Neural Focus Study Music

CSRF - Lab #1 CSRF vulnerability with no defenses | Long Version
▶︎

CSRF - Lab #1 CSRF vulnerability with no defenses | Long Version

CSRF - CSRF where Token is Duplicated in Cookie
▶︎

CSRF - CSRF where Token is Duplicated in Cookie

Deep House Mix 2026 | Emotional Night Drive, Vocal House, Nu Disco | Chill Mood
▶︎

Deep House Mix 2026 | Emotional Night Drive, Vocal House, Nu Disco | Chill Mood

CSRF Where Token is Not Tied to User Session
▶︎

CSRF Where Token is Not Tied to User Session

Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

Deep Dive into LLMs like ChatGPT
▶︎

Deep Dive into LLMs like ChatGPT

CSRF - Lab #4 CSRF where token is not tied to user session | Long Version
▶︎

CSRF - Lab #4 CSRF where token is not tied to user session | Long Version

SUMMER DEEP HOUSE Musics Mix 2026 ♫ Bruno Mars, Lady Gaga,Dua Lipa, Adele,Ed Sheeran, The Weeknd #02
▶︎

SUMMER DEEP HOUSE Musics Mix 2026 ♫ Bruno Mars, Lady Gaga,Dua Lipa, Adele,Ed Sheeran, The Weeknd #02