1. Web Security Academy
  2. CSRF
  3. Lab

Lab: CSRF vulnerability with no defenses


This lab's email change functionality is vulnerable to CSRF.

To solve the lab, craft some HTML that uses a CSRF attack to change the viewer's email address and upload it to your exploit server.

You have an account on the application that you can use to help design your attack. The credentials are: carlos / montoya.