1. Web Security Academy
  2. Cross-site scripting
  3. Exploiting
  4. Lab

Lab: Exploiting XSS to perform CSRF

PRACTITIONER

This lab contains a stored XSS vulnerability in the blog comments function. To solve the lab, exploit the vulnerability to perform a CSRF attack and change the email address of someone who views the blog post comments.

You can log in to your own account using the following credentials: wiener:peter

Learning path

If you're following our suggested learning path, please note that this lab requires some understanding of topics that we haven't covered yet. Don't worry if you get stuck; try coming back later once you've developed your knowledge further.

Stories from the Daily Swig about cross-site scripting

Find XSS vulnerabilities using Burp Suite

The benefits of working through PortSwigger's Web Security Academy

Get started with the Web Security Academy where you can practise exploiting vulnerabilities on realistic targets .. and its free!

Already got an account? Login here