1. Web Security Academy
  2. CSRF
  3. Lab

Lab: CSRF vulnerability with no defenses

This lab's email change functionality is vulnerable to CSRF.

To solve the lab, craft some HTML that uses a CSRF attack to change the viewer's email address and upload it to your exploit server.

You have an account on the application that you can use to help design your attack. The credentials are: carlos / montoya.

Want to track your progress and have a more personalized learning experience? (It's free!)

Sign up Login