Hello Friends,
I’m Rem01x And I’m Currently Preparing For The eWPTX Exam So I Will Be Walking Through All PortSwigger Labs And Make Sure To Make Writeups For All Of Them.
Let’s Start Now.
Assume that we have this website.
Please notice the my account option on the top right.
Let’s navigate to it and see what we could do there.
As we observed this is a login page so let’s provide our credentials to be able to login.
As we notice we will try to update our email to [email protected].
Now let’s intercept the request.
Now, as we noticed the CSRF Token is duplicated in the POST parameter and the Cookies header
Did you noticed something strange !?
Amazing, the CSRF is duplicated in the cookie and the post parameter.