Lab: Exploiting XSS to perform CSRF


This lab contains a stored XSS vulnerability in the blog comments function. To solve the lab, exploit the vulnerability to perform a CSRF attack and change the email address of someone who views the blog post comments.


To help design your exploit, you can log in with the username wiener and the password peter.