Create a Proof of Concept Exploit of a CSRF Vulnerable Website

Instructor: Mike Sherov


In this lesson, we'll learn what a Cross-Site Request Forgery (CSRF) vulnerability is by exploiting a CSRF-vulnerable site: making requests to it on behalf of a logged-in user without that user's knowledge. We'll construct a malicious payload that is automatically POSTed to the vulnerable site as soon as the victim visits the attacker's website while logged into the target website.

~ 4 years ago

The cookie in the iframe won't work unless we add the property sameSite with the value "none" to the cookie object.

Jeremiah Trein
~ 4 years ago

Yes, same as Allen. Seems the browser is handling this for me. I am using Chrome Version 87.0.4280.67.

Jeremiah Trein
~ 4 years ago

Update: The instructor does make note of this "lax" default in browsers at the end of lesson #8.