Hello Friends,

I’m Rem01x And I’m Currently Preparing For The eWPTX Exam So I Will Be Walking Through All PortSwigger Labs And Make Sure To Make Writeups For All Of Them.

Let’s Start Now.

Assume that we have this website.

Please notice the my account option on the top right.

Let’s navigate to it and see what we could do there.

As we observed this is a login page so let’s provide our credentials to be able to login.

As we notice we will try to update our email to [email protected].

Now let’s intercept the request.

As Observed the email can be changed by the email parameter and the CSRF Token.

By Doing Multiple Examining on the CSRF Token like Changing Request Method, Null CSRF but those techniques does not seem to work.

Okay, at this point I know that I’m missing something did you noticed it ?