Lab: Exploiting XSS to perform CSRF

This lab contains a stored XSS vulnerability in the blog comments function. To solve the lab, exploit the vulnerability to perform a CSRF attack and change the email address of someone who views the blog post comments.

Note

To help design your exploit, you can log in with the username wiener and the password peter.
