CSRF - Lab #7 CSRF where Referer validation depends on header being present | Short Version

In this video, we cover Lab #7 in the CSRF module of the Web Security Academy. This lab's email change functionality is vulnerable to CSRF. This lab's email change functionality is vulnerable to CSRF. It attempts to block cross domain requests but has an insecure fallback. To solve the lab, we use the exploit server to host an HTML page that uses a CSRF attack to change the viewer's email address. ▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬ Buy my course: https://academy.ranakhalil.com/p/web-... ▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬ CSRF Lab #7 long video:    • CSRF - Lab #7 CSRF where Referer validatio...   Notes.txt document: https://github.com/rkhal101/Web-Secur... CSRF theory video:    • Cross-Site Request Forgery (CSRF) | Comple...   Web Security Academy Youtube Video Series Release Schedule: https://docs.google.com/spreadsheets/... Web Security Academy: https://portswigger.net/web-security/... Rana's Twitter account:   / rana__khalil  

Join Today
CSRF - Lab #8 CSRF with broken Referer validation | Short Version
▶︎

CSRF - Lab #8 CSRF with broken Referer validation | Short Version

CSRF - Lab #7 CSRF where Referer validation depends on header being present | Long Version
▶︎

CSRF - Lab #7 CSRF where Referer validation depends on header being present | Long Version

CSRF - Lab #5 CSRF where token is tied to non-session cookie | Short Version
▶︎

CSRF - Lab #5 CSRF where token is tied to non-session cookie | Short Version

CSRF - Lab #1 CSRF vulnerability with no defenses | Long Version
▶︎

CSRF - Lab #1 CSRF vulnerability with no defenses | Long Version

CSRF where Referer validation depends on header being present - Lab#11
▶︎

CSRF where Referer validation depends on header being present - Lab#11

How To Think SO CLEARLY People Assume You're A Genius
▶︎

How To Think SO CLEARLY People Assume You're A Genius

Judge Can’t Stop Laughing At Sovereign Citizen’s Courtroom Meltdown!!!
▶︎

Judge Can’t Stop Laughing At Sovereign Citizen’s Courtroom Meltdown!!!

CSRF - Lab #1 CSRF vulnerability with no defenses | Short Version
▶︎

CSRF - Lab #1 CSRF vulnerability with no defenses | Short Version

Business Logic Vulnerabilities - Lab #5 Low Level Logic Flaw | Long Video
▶︎

Business Logic Vulnerabilities - Lab #5 Low Level Logic Flaw | Long Video

Avicii, Dua Lipa, Coldplay, Martin Garrix & Kygo, The Chainsmokers Style - Summer Vibes #21
▶︎

Avicii, Dua Lipa, Coldplay, Martin Garrix & Kygo, The Chainsmokers Style - Summer Vibes #21

Can you prevent CSRF with Same-Site?
▶︎

Can you prevent CSRF with Same-Site?

CSRF - Lab #2 CSRF where token validation depends on request method | Long Version
▶︎

CSRF - Lab #2 CSRF where token validation depends on request method | Long Version

SUMMER DEEP HOUSE Musics Mix 2026 ♫ Bruno Mars, Lady Gaga,Dua Lipa, Adele,Ed Sheeran, The Weeknd #29
▶︎

SUMMER DEEP HOUSE Musics Mix 2026 ♫ Bruno Mars, Lady Gaga,Dua Lipa, Adele,Ed Sheeran, The Weeknd #29

CSRF - Lab #3 CSRF where token validation depends on token being present | Long Version
▶︎

CSRF - Lab #3 CSRF where token validation depends on token being present | Long Version

SameSite Cookie Attribute Explained by Example (Strict, Lax, None & No SameSite)
▶︎

SameSite Cookie Attribute Explained by Example (Strict, Lax, None & No SameSite)

CSRF - Lab #8 CSRF with broken Referer validation | Long Version
▶︎

CSRF - Lab #8 CSRF with broken Referer validation | Long Version

Lab - Exploiting CSRF: SameSite Strict bypass via sibling domain - Short Version
▶︎

Lab - Exploiting CSRF: SameSite Strict bypass via sibling domain - Short Version

Lab: CSRF with SameSite Lax BYPASS via method override
▶︎

Lab: CSRF with SameSite Lax BYPASS via method override

CSRF - Lab #4 CSRF where token is not tied to user session | Long Version
▶︎

CSRF - Lab #4 CSRF where token is not tied to user session | Long Version

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!
▶︎

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!